apuva

123454321

"järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä"

Logfile of HijackThis v1.99.1
Scan saved at 19:23:54, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.42 85.255.112.86
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

15

269

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • FixFix
      • 123454321

        Täältä tulee.


        Username "Omistaja" - 06.06.2008 14:27:09 [Fixwareout edited 9/01/2007]

        ~~~~~ Prerun check

        DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.


        System was rebooted successfully.

        ~~~~~ Postrun check
        HKLM\SOFTWARE\~\Winlogon\ "System"=""
        ....
        ....
        ~~~~~ Misc files.
        ....
        ~~~~~ Checking for older varients.
        ....

        ~~~~~ Current runs (hklm hkcu "run" Keys Only)
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
        "HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
        "HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
        "KBD"="C:\\HP\\KBD\\KBD.EXE"
        "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
        "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
        "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
        "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
        "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
        "Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
        "CnxTrApp"="rundll32.exe \"C:\\Program Files\\TeleWell\\ADSL USB Router\\CnxTrApp.dll\",AppEntry -REG \"Conexant\\Conexant USB Network\""
        "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
        "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
        "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
        "Logitech Utility"="Logi_MwX.Exe"
        "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
        "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
        "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
        "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
        "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
        "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
        "Acme.PCHButton"="C:\\PROGRA~1\\HPPAVI~1\\Pavilion\\XPHWWBP4\\plugin\\bin\\PCHButton.exe"
        "BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
        "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
        "BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
        ....
        Hosts file was reset, If you use a custom hosts file please replace it...
        ~~~~~ End report ~~~~~


        Logfile of HijackThis v1.99.1
        Scan saved at 14:33:53, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.42 85.255.112.86
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


      • FixFix
        123454321 kirjoitti:

        Täältä tulee.


        Username "Omistaja" - 06.06.2008 14:27:09 [Fixwareout edited 9/01/2007]

        ~~~~~ Prerun check

        DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.


        System was rebooted successfully.

        ~~~~~ Postrun check
        HKLM\SOFTWARE\~\Winlogon\ "System"=""
        ....
        ....
        ~~~~~ Misc files.
        ....
        ~~~~~ Checking for older varients.
        ....

        ~~~~~ Current runs (hklm hkcu "run" Keys Only)
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
        "HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
        "HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
        "KBD"="C:\\HP\\KBD\\KBD.EXE"
        "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
        "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
        "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
        "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
        "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
        "Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
        "CnxTrApp"="rundll32.exe \"C:\\Program Files\\TeleWell\\ADSL USB Router\\CnxTrApp.dll\",AppEntry -REG \"Conexant\\Conexant USB Network\""
        "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
        "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
        "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
        "Logitech Utility"="Logi_MwX.Exe"
        "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
        "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
        "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
        "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
        "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
        "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
        "Acme.PCHButton"="C:\\PROGRA~1\\HPPAVI~1\\Pavilion\\XPHWWBP4\\plugin\\bin\\PCHButton.exe"
        "BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
        "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
        "BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
        ....
        Hosts file was reset, If you use a custom hosts file please replace it...
        ~~~~~ End report ~~~~~


        Logfile of HijackThis v1.99.1
        Scan saved at 14:33:53, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.42 85.255.112.86
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

        scannaa hjt:llä merkkaa paina Fix checked

        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.42 85.255.112.86

        =====

        scannaa uusi hjt;n loki


      • 123454321
        FixFix kirjoitti:

        scannaa hjt:llä merkkaa paina Fix checked

        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.42 85.255.112.86

        =====

        scannaa uusi hjt;n loki

        Logfile of HijackThis v1.99.1
        Scan saved at 14:47:19, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


      • FixFix
        123454321 kirjoitti:

        Logfile of HijackThis v1.99.1
        Scan saved at 14:47:19, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

        siinä koneessa

        Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

        Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
        Postita tämän tekstitiedoston sisältö viestiketjuusi.

        Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

        ********

        Lataa SDFix by AndyManchesta
        http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
        ja tallenna se työpöydällesi.

        Käynnistä koneesi vikasietotilaan:
        sammuta ja käynnistä
        käynnistyksen yhteydessä hakkaa F8 nappia
        valitse nuolinäppäimellä vikasietotila
        paina enter ja enter
        valitse käyttäjätilisi
        paina kyllä

        Jossakin koneissa hakataan F8:sin sijasta F5:tä
        •   Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
        •   Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
        •   Paina Y käynnistääksesi skriptin.
        •   Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
        •   Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
        •   Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
        •   Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
        •   Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
        •   Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

        ********

        Lataa Malwarebytes' Anti-Malware työpöydällesi.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
        •   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
        •   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
        •   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
        •   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
        •   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
        •   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Lähetä lokin sisältö seuraavassa viestissäsi.


      • 123454321
        FixFix kirjoitti:

        siinä koneessa

        Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

        Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
        Postita tämän tekstitiedoston sisältö viestiketjuusi.

        Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

        ********

        Lataa SDFix by AndyManchesta
        http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
        ja tallenna se työpöydällesi.

        Käynnistä koneesi vikasietotilaan:
        sammuta ja käynnistä
        käynnistyksen yhteydessä hakkaa F8 nappia
        valitse nuolinäppäimellä vikasietotila
        paina enter ja enter
        valitse käyttäjätilisi
        paina kyllä

        Jossakin koneissa hakataan F8:sin sijasta F5:tä
        •   Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
        •   Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
        •   Paina Y käynnistääksesi skriptin.
        •   Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
        •   Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
        •   Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
        •   Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
        •   Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
        •   Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

        ********

        Lataa Malwarebytes' Anti-Malware työpöydällesi.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
        •   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
        •   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
        •   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
        •   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
        •   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
        •   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Lähetä lokin sisältö seuraavassa viestissäsi.

        Tässä tää ensimmäinen, laitan loput tulemaan vähän myöhemmin.


        SmitFraudFix v2.323

        Scan done at 15:36:12,09, pe 06.06.2008
        Run from C:\Documents and Settings\Omistaja\Ty”p”yt„\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\cmd.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="file:///C:/DOCUME~1/Omistaja/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
        "SubscribedURL"="file:///C:/DOCUME~1/Omistaja/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
        "FriendlyName"=""

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"

        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: MAC Bridge Miniport - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.1.2

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS2\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End


      • FixFix
        123454321 kirjoitti:

        Tässä tää ensimmäinen, laitan loput tulemaan vähän myöhemmin.


        SmitFraudFix v2.323

        Scan done at 15:36:12,09, pe 06.06.2008
        Run from C:\Documents and Settings\Omistaja\Ty”p”yt„\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\cmd.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="file:///C:/DOCUME~1/Omistaja/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
        "SubscribedURL"="file:///C:/DOCUME~1/Omistaja/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg"
        "FriendlyName"=""

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"

        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: MAC Bridge Miniport - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.1.2

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS2\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS3\Services\Tcpip\..\{4935EF7B-703D-4DC8-8C25-8F06ACC8B7A3}: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2
        HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.2


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

        seuraava peliin


      • 123454321
        FixFix kirjoitti:

        seuraava peliin

        [b]SDFix: Version 1.188 [/b]
        Run by Omistaja on pe 06.06.2008 at 18:25

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting


        [b]Checking Files [/b]:

        No Trojan Files Found






        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-06 18:41:56
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,bc,96,d3,ee,a3,c3,93,2e,87,36,24,34,8f,..
        "hj34z0"=hex:8b,f6,b6,9a,0c,9e,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,73,..
        "hj34z1"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z2"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z3"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z4"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,57,ee,80,1c,a3,c3,93,2e,a8,27,24,34,8f,..
        "hj34z0"=hex:f8,f7,b6,9a,1c,9f,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,45,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,6a,0b,b0,ce,a3,c3,93,2e,9e,27,24,34,8f,..
        "hj34z0"=hex:ce,f7,b6,9a,1c,9f,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,92,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
        "s0"=dword:22a7da32
        "s1"=dword:30d9a823
        "s2"=dword:ff3a06c7
        "h0"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:75,12,10,87,d7,b5,8f,1f,55,a9,dc,de,d9,c3,1d,d0,87,07,32,32,38,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
        "h0"=dword:00000000
        "ujdew"=hex:10,43,24,71,ae,71,e1,3f,2c,12,fd,2c,10,22,e9,9d,d7,7e,76,9c,04,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:75,12,10,87,d7,b5,8f,1f,55,a9,dc,de,d9,c3,1d,d0,87,07,32,32,38,..

        scanning hidden registry entries ...

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
        "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Disabled:Opera Internet Browser"
        "C:\\Program Files\\CRG\\FormulaRacing\\client.exe"="C:\\Program Files\\CRG\\FormulaRacing\\client.exe:*:Enabled:client"
        "C:\\Documents and Settings\\All Users\\Application Data\\Chat Republic Games\\ChatRepublicPlayer.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Chat Republic Games\\ChatRepublicPlayer.exe:*:Enabled:ChatRepublicPlayer"
        "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
        "C:\\Program Files\\DC \\DCPlusPlus.exe"="C:\\Program Files\\DC \\DCPlusPlus.exe:*:Disabled:DC "
        "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
        "C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Omat albumit\\eMule\\emule.exe"="C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Omat albumit\\eMule\\emule.exe:*:Disabled:eMule"
        "C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Disabled:SoulSeek"
        "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [b]Remaining Files [/b]:



        [b]Files with Hidden Attributes [/b]:

        Tue 13 Jul 2004 196 A.SHR --- "C:\BOOT.BAK"
        Thu 6 Sep 2001 1,700,352 A..H. --- "C:\gdiplus.dll"
        Wed 13 Sep 2006 4,789,792 ...H. --- "C:\Program Files\Picasa2\setup.exe"
        Wed 14 Jul 2004 51,712 ..SHR --- "C:\Program Files\Ski Jump International\Setup.exe"
        Mon 17 Dec 2007 104 ..SHR --- "C:\WINDOWS\system32\3288114704.sys"
        Mon 17 Dec 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
        Mon 4 Oct 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Sun 8 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
        Sun 8 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
        Sun 8 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
        Sun 8 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
        Sun 8 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
        Sun 8 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
        Sun 8 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
        Sun 8 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
        Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
        Sun 8 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
        Wed 11 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
        Sun 8 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
        Sun 8 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
        Wed 11 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
        Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
        Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
        Sun 8 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
        Sun 8 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
        Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
        Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
        Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
        Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
        Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT3.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT9.tmp"
        Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6076fdc0f7a945970dfd94a53b6d39ee\BIT8.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITA.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
        Mon 4 Oct 2004 4,348 A..H. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
        Fri 7 Jan 2005 20 A..H. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
        Mon 4 Oct 2004 400 A.SH. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv2key.bak"
        Wed 14 Jul 2004 51,712 A.SHR --- "C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\Pelit\Ski Jump International\Setup.exe"
        Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\Omistaja\Local Settings\Temp\ZGTemp\ZGS_7104515\MSDE2000\SQLRESLD.DLL"

        [b]Finished![/b]








        Logfile of HijackThis v1.99.1
        Scan saved at 18:55:21, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\notepad.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


      • FixFix
        123454321 kirjoitti:

        [b]SDFix: Version 1.188 [/b]
        Run by Omistaja on pe 06.06.2008 at 18:25

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting


        [b]Checking Files [/b]:

        No Trojan Files Found






        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-06 18:41:56
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,bc,96,d3,ee,a3,c3,93,2e,87,36,24,34,8f,..
        "hj34z0"=hex:8b,f6,b6,9a,0c,9e,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,73,..
        "hj34z1"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z2"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z3"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        "hj34z4"=hex:3d,f6,b6,9a,74,9e,85,5a,bb,7b,32,40,1a,8a,d0,67,69,2a,f4,e8,30,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,57,ee,80,1c,a3,c3,93,2e,a8,27,24,34,8f,..
        "hj34z0"=hex:f8,f7,b6,9a,1c,9f,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,45,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]
        "khjeh"=hex:20,02,00,00,3f,1a,9f,d5,6a,0b,b0,ce,a3,c3,93,2e,9e,27,24,34,8f,..
        "hj34z0"=hex:ce,f7,b6,9a,1c,9f,85,5a,ba,7b,33,40,1b,8a,d0,67,69,2a,f4,e8,92,..
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
        "s0"=dword:22a7da32
        "s1"=dword:30d9a823
        "s2"=dword:ff3a06c7
        "h0"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:75,12,10,87,d7,b5,8f,1f,55,a9,dc,de,d9,c3,1d,d0,87,07,32,32,38,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
        "h0"=dword:00000000
        "ujdew"=hex:10,43,24,71,ae,71,e1,3f,2c,12,fd,2c,10,22,e9,9d,d7,7e,76,9c,04,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:75,12,10,87,d7,b5,8f,1f,55,a9,dc,de,d9,c3,1d,d0,87,07,32,32,38,..

        scanning hidden registry entries ...

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:




        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
        "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Disabled:Opera Internet Browser"
        "C:\\Program Files\\CRG\\FormulaRacing\\client.exe"="C:\\Program Files\\CRG\\FormulaRacing\\client.exe:*:Enabled:client"
        "C:\\Documents and Settings\\All Users\\Application Data\\Chat Republic Games\\ChatRepublicPlayer.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Chat Republic Games\\ChatRepublicPlayer.exe:*:Enabled:ChatRepublicPlayer"
        "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
        "C:\\Program Files\\DC \\DCPlusPlus.exe"="C:\\Program Files\\DC \\DCPlusPlus.exe:*:Disabled:DC "
        "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
        "C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Omat albumit\\eMule\\emule.exe"="C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Omat albumit\\eMule\\emule.exe:*:Disabled:eMule"
        "C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Disabled:SoulSeek"
        "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [b]Remaining Files [/b]:



        [b]Files with Hidden Attributes [/b]:

        Tue 13 Jul 2004 196 A.SHR --- "C:\BOOT.BAK"
        Thu 6 Sep 2001 1,700,352 A..H. --- "C:\gdiplus.dll"
        Wed 13 Sep 2006 4,789,792 ...H. --- "C:\Program Files\Picasa2\setup.exe"
        Wed 14 Jul 2004 51,712 ..SHR --- "C:\Program Files\Ski Jump International\Setup.exe"
        Mon 17 Dec 2007 104 ..SHR --- "C:\WINDOWS\system32\3288114704.sys"
        Mon 17 Dec 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
        Mon 4 Oct 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Sun 8 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
        Sun 8 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
        Sun 8 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
        Sun 8 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
        Sun 8 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
        Sun 8 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
        Sun 8 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
        Sun 8 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
        Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
        Sun 8 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
        Wed 11 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
        Sun 8 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
        Sun 8 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
        Wed 11 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
        Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
        Sun 8 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
        Sun 8 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
        Sun 8 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
        Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
        Sun 8 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
        Sun 8 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
        Sun 8 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
        Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
        Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT3.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT9.tmp"
        Wed 19 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6076fdc0f7a945970dfd94a53b6d39ee\BIT8.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITA.tmp"
        Tue 22 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
        Mon 4 Oct 2004 4,348 A..H. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
        Fri 7 Jan 2005 20 A..H. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
        Mon 4 Oct 2004 400 A.SH. --- "C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\K„ytt”oikeuden varmuuskopio\drmv2key.bak"
        Wed 14 Jul 2004 51,712 A.SHR --- "C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\Pelit\Ski Jump International\Setup.exe"
        Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\Omistaja\Local Settings\Temp\ZGTemp\ZGS_7104515\MSDE2000\SQLRESLD.DLL"

        [b]Finished![/b]








        Logfile of HijackThis v1.99.1
        Scan saved at 18:55:21, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\notepad.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

        Malwarebytes' Anti-Malware


      • 123454321
        FixFix kirjoitti:

        Malwarebytes' Anti-Malware

        Malwarebytes' Anti-Malware 1.14
        Tietokantaversio: 814

        20:59:04 6.6.2008
        mbam-log-6-6-2008 (20-59-04).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|)
        Tarkistetut kohteet: 206251
        Kulunut aika: 1 hour(s), 54 minute(s), 56 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 0
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 0

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        (Haitallisia kohteita ei löydetty)


      • FixFix
        123454321 kirjoitti:

        Malwarebytes' Anti-Malware 1.14
        Tietokantaversio: 814

        20:59:04 6.6.2008
        mbam-log-6-6-2008 (20-59-04).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|)
        Tarkistetut kohteet: 206251
        Kulunut aika: 1 hour(s), 54 minute(s), 56 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 0
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 0

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        (Haitallisia kohteita ei löydetty)

        katotaan se vielä

        kuinkas kone tökkiii


      • 1234543431
        FixFix kirjoitti:

        katotaan se vielä

        kuinkas kone tökkiii

        Nyt on kyllä kone pelittänyt ihan hyvin.

        Logfile of HijackThis v1.99.1
        Scan saved at 21:22:58, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


      • FixFix
        1234543431 kirjoitti:

        Nyt on kyllä kone pelittänyt ihan hyvin.

        Logfile of HijackThis v1.99.1
        Scan saved at 21:22:58, on 6.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\UAService7.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Hjt\HijackThis.exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

        scannaa hjt:llä merkkaa paina Fix checked

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

        ****

        Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
        Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
        työpöydällesi.

        @echo off
        sc stop SNDSrvc
        sc delete SNDSrvc

        Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.


        Poista vikasiedossa kansio

        C:\Program Files\Common Files\==> Symantec Shared


      • 123454321
        FixFix kirjoitti:

        scannaa hjt:llä merkkaa paina Fix checked

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

        ****

        Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
        Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
        työpöydällesi.

        @echo off
        sc stop SNDSrvc
        sc delete SNDSrvc

        Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.


        Poista vikasiedossa kansio

        C:\Program Files\Common Files\==> Symantec Shared

        Done ja Hjt-logi vielä


        Logfile of HijackThis v1.99.1
        Scan saved at 10:44:54, on 7.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\UAService7.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Hjt\HijackThis.exe
        C:\WINDOWS\system32\wuauclt.exe

        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


      • FixFix
        123454321 kirjoitti:

        Done ja Hjt-logi vielä


        Logfile of HijackThis v1.99.1
        Scan saved at 10:44:54, on 7.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\UAService7.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\System32\hphmon05.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
        C:\WINDOWS\Logi_MwX.Exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Hjt\HijackThis.exe
        C:\WINDOWS\system32\wuauclt.exe

        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1035
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
        O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
        O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
        O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
        O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197622660640
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

        loki kunnossa


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Ensitreffit Jenni laukoo viinilasin ääressä suorat sanat Jyrkin aikeista: "Mä sanoin, että älä"

      Voi ei… Mitä luulet: kestääkö Jennin ja Jyrkin avioliitto vai päättyykö eroon? Lue lisää: https://www.suomi24.fi/viihde
      Ensitreffit alttarilla
      27
      2990
    2. Ymmärrän paremmin kuin koskaan

      Roikut kädessäni ja vedät puoleesi. Näen kuitenkin tämän kaiken lävitse ja kaikkien takia minun on tehtävä tämä. Päästän
      Tunteet
      34
      2682
    3. 150
      2308
    4. Hullu liikenteessä?

      Mikä hullu pyörii kylillä jos jahti päällä? Näitä tosin kyllä riittää tällä kylällä.
      Kiuruvesi
      54
      2269
    5. Niina Lahtinen uudessa elämäntilanteessa - Kotiolot ovat muuttuneet merkittävästi: "Nyt on...!"

      Niina, tanssejasi on riemukasta seurata, iso kiitos! Lue Niinan haastattelu: https://www.suomi24.fi/viihde/niina-lahti
      Suomalaiset julkkikset
      24
      1910
    6. Kun Venäjä on tasannut tilit Ukrainan kanssa, onko Suomi seuraava?

      Mitä mieltä olette, onko Suomi seuraava, jonka kanssa Venäjä tasaa tilit? Ja voisiko sitä mitenkään estää? Esimerkiks
      NATO
      392
      1727
    7. Ano Turtiainen saa syytteet kansankiihoituksesta

      Syytteitä on kolme ja niissä on kyse kirjoituksista, jotka hän on kansanedustaja-aikanaan julkaissut Twitter-tilillään
      Maailman menoa
      108
      1689
    8. Pyhäinpäivän aamua

      Oikein hyvää huomenta ja rauhallista päivää. ❄️😊🥱☕❤️
      Ikävä
      316
      1584
    9. Kunta ostaa kivitipun

      Kunnanjohtajan tuleva uusi ostokohde
      Lappajärvi
      135
      1479
    10. Varokaa! Lunta voi sataa kohta!

      Vakava säävaroitus Lumisadevaroitus Satakunta, Uusimaa, Etelä-Karjala, Keski-Suomi, Etelä-Savo, Etelä-Pohjanmaa, Pohjanm
      Maailman menoa
      15
      1472
    Aihe