CiD-pop uppeja Explorerissa

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Marzie, Aug 4, 2007.

  1. Marzie

    Marzie Member

    Joined:
    Aug 4, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Kun konetta käyttää, näytölle pomppaa vähän väliä CiD-mainosikkunoita Explorerilla (oletusselaimena on Firefox). Millä ohjelmalla/ohjelmilla ongelman saisi korjattua ja miten? Kiitos etukäteen.

    HjT-loki näyttää tältä:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:23, on 4.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HjT\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TypeRemote] C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\amendraw.exe
    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4c8e0a08c4974ce899d04c5dca5a44d6
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4c8e0a08c4974ce899d04c5dca5a44d6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://onecare.live.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 8338 bytes
     
    Marzie, Aug 4, 2007
    #1
  2. Auttaja

    Auttaja Guest

    Sull on koneella kaks antivirus ohjelmaa.. norman ja avg7 poista toinen..

    Poista myös wildtanget.. '

    ==========

    Hijackthissillä muut ohjelmat suljettuna!
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKCU\..\Run: [TypeRemote] C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\amendraw.exe


    Merkkaa nuo rivit ja paina FIX CHECKED


    =========

    Lataa ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
    Klikkaa Empty Selected valintaa.
    Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa taas.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
    Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

    ==========

    Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
    http://www.spywareedge.net/nolop/NoLop.exe1
    http://www.spywaretimes.com/Tools/Download/Anti-malwareToolsLinkki
    http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

    * Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
    * Tuplaklikkaa NoLop.exe ajaaksesi sen

    * Klikkaa nappulaa "Search and Destroy"
    <<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
    * Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
    * Klikkaa "REBOOT"-painiketta.
    * NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.

    -- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan. --

    =========


    Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin


    Poista nämä kansiot/tiedostot

    C:\Program Files\WildTangent\
    C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\ (lyhennetty nimi)

    =========
    '
    Tarkista koneesi F-Securen online skannerilla

    Huom, skanneri toimii vain Internet Explorer selaimella

    * Lue sivun ohjeet huolella läpi
    * Klikkaa Start scanning
    * Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
    * Klikkaa Accept
    * Klikkaa Custom Scan
    * Säädä asetukset seuraavasti

    o "Virus Scan Option" kohdasta valitse Scan whole system
    o "Other Scan Option" kohdasta valitse Scan All Files
    o Valitse Scan whole system for rootkits
    o Valitse Scan whole system for spyware
    o Laita ruksi kohtaan Scan inside archives
    o Varmista että Use advanced heuristics on valittuna

    * Klikkaa Start
    * Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
    * Odota kärsivällisesti
    * Kun sakannaus on suoritettu, klikkaa Automatic cleaning
    * Klikkaa Show Report
    * Raportti aukeaa selaimessa, kopioi teksti kokonaan
    * Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
    * Voit sulkea skannerin
    * Lähetä raportti viestiketjuusi

    Myös uusi HIJACKTHISlogi
     
    Auttaja, Aug 4, 2007
    #2
  3. Marzie

    Marzie Member

    Joined:
    Aug 4, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Tässä NoLop!in loki:
    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Mikko\Desktop
    [5.8.2007]
    [12:06:51]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A417F05F918462F3.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Adobe
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Ahead
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Hp
    C:\Documents and Settings\All Users\Application Data\Ifi
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Nvidia
    C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Skype
    C:\Documents and Settings\All Users\Application Data\Sonic
    C:\Documents and Settings\All Users\Application Data\Ubisoft
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\Default User\Application Data\Adobe
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Mikko\Application Data\Adobe
    C:\Documents and Settings\Mikko\Application Data\Adobeum
    C:\Documents and Settings\Mikko\Application Data\Ahead
    C:\Documents and Settings\Mikko\Application Data\Apple Computer
    C:\Documents and Settings\Mikko\Application Data\Bitdownload
    C:\Documents and Settings\Mikko\Application Data\Creative Ping Burn
    C:\Documents and Settings\Mikko\Application Data\Help
    C:\Documents and Settings\Mikko\Application Data\Hp
    C:\Documents and Settings\Mikko\Application Data\Identities
    C:\Documents and Settings\Mikko\Application Data\Ifi
    C:\Documents and Settings\Mikko\Application Data\Intervideo
    C:\Documents and Settings\Mikko\Application Data\Lavasoft
    C:\Documents and Settings\Mikko\Application Data\Limewire
    C:\Documents and Settings\Mikko\Application Data\Macromedia
    C:\Documents and Settings\Mikko\Application Data\Microsoft
    C:\Documents and Settings\Mikko\Application Data\Mozilla
    C:\Documents and Settings\Mikko\Application Data\Real
    C:\Documents and Settings\Mikko\Application Data\Sierra
    C:\Documents and Settings\Mikko\Application Data\Skype
    C:\Documents and Settings\Mikko\Application Data\Sun
    C:\Documents and Settings\Mikko\Application Data\Talkback
    C:\Documents and Settings\Mikko\Application Data\Template
    C:\Documents and Settings\Networkservice\Application Data\Microsoft



    ... ja tässä HjT loki tiedostojen & ohjelmien poistojen, ATF Cleanerin ja NoLopin jälkeen. F-Securen Online skannausta en saanut toimimaan. Kun Custom Scanningin asetukset oli tehty ja klikkasin "Start", ohjelma ilmoitti "Unable to download necessary Online Scanner components! Please try again."

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:09, on 5.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\DAEMON Tools\daemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\HjT\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4c8e0a08c4974ce899d04c5dca5a44d6
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4c8e0a08c4974ce899d04c5dca5a44d6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://onecare.live.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 7074 bytes
     
    Marzie, Aug 5, 2007
    #3
  4. Auttaja

    Auttaja Guest

    Jos käytät vain Windowsin omaa palomuuria, niin se ei ole riittävä suoja. Lataa vaikka näistä kolmesta Yksi palomuuri koneellesi ja asenna se. Poista sitten myös windowsin palomuuri käytöstä. Nämä 3 ovat aika suosittuja ja ilmaisia palomuureja:

    Comodo
    Kerio
    Zonealarm

    ========

    C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web -- EMPTY Directory

    Poistaa tää kansio

    Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin

    =======

    Lataa Deckard's System Scanner Työpöydällesi.

    Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

    [*]Sulje kaikki avoimet ikkunat ja ohjelmat.
    [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
    [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
    [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
    [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

     
    Auttaja, Aug 5, 2007
    #4
  5. Marzie

    Marzie Member

    Joined:
    Aug 4, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Tässä Deckard's System Scannerin logit.

    Main:

    Deckard's System Scanner v20070804.61
    Run by Mikko on 2007-08-05 at 20:12:02
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    75: 2007-08-05 17:12:10 UTC - RP286 - Deckard's System Scanner Restore Point
    74: 2007-08-05 08:46:58 UTC - RP285 - Installed AVG 7.5
    73: 2007-08-05 08:46:15 UTC - RP284 - Removed AVG 7.5
    72: 2007-08-04 08:17:14 UTC - RP283 - Installed AVG 7.5
    71: 2007-08-03 16:55:22 UTC - RP282 - Configured EA Link


    -- First Restore Point --
    1: 2007-05-08 16:21:26 UTC - RP212 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Mikko.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:11, on 5.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Documents and Settings\Mikko\omat tiedostot\Vastaanotetut tiedostot\dss.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\HjT\HIJACK~2\Mikko.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4c8e0a08c4974ce899d04c5dca5a44d6
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4c8e0a08c4974ce899d04c5dca5a44d6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://onecare.live.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 7225 bytes

    -- HijackThis Fixed Entries (C:\HjT\HIJACK~2\backups\) -------------------------

    backup-20070805-115315-428 O4 - HKCU\..\Run: [TypeRemote] C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\amendraw.exe
    backup-20070805-115315-607 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070805-115315-649 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-05 20:06:00 254 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
    2007-07-30 14:18:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-07-05 and 2007-08-05 -----------------------------

    2007-08-05 20:04:41 0 d-------- C:\Documents and Settings\Mikko\Application Data\Comodo
    2007-08-05 20:04:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2007-08-05 20:01:51 0 d-------- C:\Program Files\Comodo
    2007-08-05 12:09:04 0 d-------- C:\NoLopBackups
    2007-08-05 11:46:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-08-03 21:28:30 0 d-------- C:\Documents and Settings\Mikko\Application Data\Lavasoft
    2007-07-21 12:49:15 0 d-------- C:\Program Files\EA GAMES


    -- Find3M Report ---------------------------------------------------------------

    2007-08-05 12:41:34 4356 --a------ C:\Documents and Settings\Mikko\Application Data\wklnhst.dat
    2007-08-03 19:56:10 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-02 17:47:01 0 d-------- C:\Documents and Settings\Mikko\Application Data\LimeWire
    2007-07-24 18:15:55 0 d-------- C:\Documents and Settings\Mikko\Application Data\Template
    2007-07-06 22:22:19 2067 --a------ C:\Documents and Settings\Mikko\Application Data\HPSU_48BitScanUpdate.log
    2007-07-06 22:10:07 348 --a------ C:\Documents and Settings\Mikko\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
    2007-07-06 22:10:03 0 --a------ C:\Documents and Settings\Mikko\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
    2007-07-06 22:09:52 2797 --a------ C:\Documents and Settings\Mikko\Application Data\PatchUpdate_InstantShareJPG.log
    2007-07-06 22:09:43 3558 --a------ C:\Documents and Settings\Mikko\Application Data\PatchUpdate_IZClosingDiscError.log
    2007-07-06 22:05:11 46566 --a------ C:\Documents and Settings\Mikko\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2007-07-06 22:03:12 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
    2007-07-06 21:59:09 0 d-------- C:\Documents and Settings\Mikko\Application Data\Skype
    2007-07-02 13:45:12 0 d-------- C:\Documents and Settings\Mikko\Application Data\BitDownload
    2007-06-12 15:50:29 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
    2007-05-14 18:40:19 720 --a------ C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05.08.2005 14:56]
    "RTHDCPL"="RTHDCPL.EXE" [28.06.2006 15:54 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [16.05.2006 19:04 C:\WINDOWS\SkyTel.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 13:22]
    "nwiz"="nwiz.exe" [22.10.2006 12:22 C:\WINDOWS\system32\nwiz.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11.05.2005 23:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [27.04.2007 13:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25.10.2006 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.10.2006 10:36]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [14.05.2007 18:39]
    "NvMediaCenter"="NvMCTray.dll" [22.10.2006 13:22 C:\WINDOWS\system32\nvmctray.dll]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [05.08.2007 20:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10.08.2004 15:00]
    "Steam"="" []
    "BitDownload"="C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11.5.2005 23:23:26]
    HP Image Zone -pikak„ynnistys.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12.5.2005 0:49:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    *Newly Created Service* - CMDAGENT
    *Newly Created Service* - CMDMON
    *Newly Created Service* - INSPECT



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

    60 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-08-05 at 20:13:46 ---------

    Extra:

    Deckard's System Scanner v20070804.61
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3500+
    Percentage of Memory in Use: 46%
    Physical Memory (total/avail): 1022.48 MiB / 541.98 MiB
    Pagefile Memory (total/avail): 2458.24 MiB / 2029.43 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1965.78 MiB

    C: is Fixed (NTFS) - 232.88 GiB total, 80.91 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is CDROM (No Media)
    K: is CDROM (No Media)
    L: is CDROM (No Media)
    M: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    FirewallOverride is set.

    FW: COMODO Firewall Pro v2.3.035 (COMODO)
    AV: Norman Virus Control ver. 5.90 v5.90 (Norman ASA)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\counter-strike source\\hl2.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\eye\\The All-Seeing Eye\\eye.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\eye\\The All-Seeing Eye\\eye.exe:*:Disabled:Yahoo! All-Seeing Eye"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\the allsing eye\\The All-Seeing Eye\\eye.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\the allsing eye\\The All-Seeing Eye\\eye.exe:*:Disabled:Yahoo! All-Seeing Eye"
    "C:\\Pihlajakumpu\\Viljele\\Viljele.exe"="C:\\Pihlajakumpu\\Viljele\\Viljele.exe:*:Disabled:Viljele"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\NHL 2001\\NHL2001.ICD"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\NHL 2001\\NHL2001.ICD:*:Disabled:NHL2001"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Skype\\Skype.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Skype\\Skype.exe:*:Enabled:Skype"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\source sdk base\\hl2.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\source sdk base\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\limevire\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\limevire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\BitDownload\\BitDownload.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
    "C:\\Documents and Settings\\Mikko\\My Documents\\mikon kansio\\Phone\\Skype.exe"="C:\\Documents and Settings\\Mikko\\My Documents\\mikon kansio\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\koodit\\BitDownload\\BitDownload.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\koodit\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\day of defeat source\\hl2.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\day of defeat source\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\amerikan's army\\System\\ArmyOps.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\amerikan's army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2VoipServer.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2VoipServer_w32ded.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\BATTLEFIELD 2\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\outbreak\\Outbreak Demo\\OutBreak.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\outbreak\\Outbreak Demo\\OutBreak.exe:*:Enabled:Codename: Outbrake"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\ET.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Return to Castle Wolfenstein\\ET.exe:*:Enabled:ET"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\GRAW_PC_demo\\GRAW_demo.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\GRAW_PC_demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
    "C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\half-life 2 deathmatch\\hl2.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\amerikan's army\\System\\Server.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\amerikan's army\\System\\Server.exe:*:Enabled:Server"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Soldat\\Soldat.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\Soldat\\Soldat.exe:*:Enabled:Soldat"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
    "C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\source dedicated server\\srcds.exe"="C:\\Documents and Settings\\Mikko\\omat tiedostot\\mikon kansio\\steam\\SteamApps\\makko90\\source dedicated server\\srcds.exe:*:Enabled:srcds"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Mikko\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FUJITSU
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Mikko
    LOGONSERVER=\\FUJITSU
    NpmLib=C:\Norman\Npm\Bin
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Norman\Npm\Bin
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4f02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    SESSIONNAME=Console
    sourcesdk=c:\documents and settings\mikko\omat tiedostot\mikon kansio\steam\steamapps\makko90\sourcesdk
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Mikko\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Mikko\LOCALS~1\Temp
    USERDOMAIN=FUJITSU
    USERNAME=Mikko
    USERPROFILE=C:\Documents and Settings\Mikko
    VProject=c:\documents and settings\mikko\omat tiedostot\mikon kansio\steam\steamapps\SourceMods\aa
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Mikko (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\DOCUME~1\Mikko\OMATTI~1\ad_aware\AD-AWA~1\UNWISE.EXE C:\DOCUME~1\Mikko\OMATTI~1\ad_aware\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
    Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002}
    AGEIA PhysX v2.3.3 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
    Aliens versus Predator 2 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45EFEFDC-0007-4D31-A69E-8125F0229ACA}\Setup.exe"
    America's Army --> MsiExec.exe /I{EF434C52-D882-43DB-8777-EC7B10D8943C}
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{AD211425-49BE-48D4-889C-C614DA6AC4AD}
    Battlefield 2: Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BitDownload 1.5.4 --> C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\Uninstall.exe
    CiD Help --> C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\amendraw.exe -uninstall
    Codename : Outbreak Demo --> C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\outbreak\OUTBRE~1\UNWISE.EXE C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\outbreak\OUTBRE~1\INSTALL.LOG
    Colin McRae Rally --> C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\mikko\omat tiedostot\mikon kansio\colin mcrae\Uninst.isu"
    COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
    Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
    EA.com Matchup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0xb
    EA.com Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0xb
    Empire Earth II SP Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B4652F-38E8-4252-8374-EFE88AA2FDA7}\setup.exe" -l0x9 -removeonly
    Ford Supercar Challenge from Ford (remove only) --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\ford\Ford Supercar Challenge\Uninstall.exe"
    Game Maker 4 --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\UnInst.log" "/APPNAME=Game Maker 4"
    GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    Ghost Recon Advanced Warfighter Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED48E5CA-34D8-4339-8276-5E95C261A94A}\setup.exe" -l0x9
    GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
    Half-Life Dedicated Server Update Tool --> C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\steam\UNWISE.EXE C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\steam\INSTALL.LOG
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\HjT\HijackThis\HijackThis.exe" /uninstall
    Hitman: Blood Money Demo --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\steam\steam.exe" steam://uninstall/6950
    HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Ifi Tilausohjelma 3.5 --> C:\Program Files\Ifi\OrderClient35\Uninstall.exe
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire 4.12.11 --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\limevire\LimeWire\uninstall.exe"
    Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9}
    MAGIX music maker 11 silver (FL) --> C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\music maker\instslct.exe
    Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
    Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Works --> MsiExec.exe /I{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89}
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
    Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
    Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    NHL 2001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}\setup.exe" -l0xb Uninstall
    Norman Virus Control --> C:\Norman\NVC\BIN\DelNVC5.exe
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{6B44B1E0-D79F-402E-B803-F44572071E4A}
    Outlook-työkalurivi (Windows Live Toolbar) --> MsiExec.exe /X{EB36F61F-53CD-4813-BB7F-75B16AAC1713}
    Ponnahdusikkunoiden esto (Windows Live Toolbar) --> MsiExec.exe /X{7A888168-7E7D-477C-9490-24CEB079435B}
    PowerArchiver --> C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\PowerArchiver\UNINST.EXE
    Prince of Persia The Sands of Time (Demo) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB4319C-D746-475B-B604-3D42C5564383}\Setup.exe" -l0x9
    Prince of Persia Warrior Within --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6B7E731-A9E1-4AEC-A1E7-2E63646647FE}\setup.exe" -l0x9
    QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    RPG Maker 2000 1.07b --> C:\WINDOWS\UnGins.exe "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\rpg maker\install.log"
    RTP for RM2K (Png, Wav, Midi, Fonts) --> C:\WINDOWS\UnGins.exe "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\rpg maker\RTP\install.log"
    S.W.I.N.E. demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BF7A3AC-C530-4BE0-B939-3E4385CAB456}\Setup.exe"
    Selaus välilehtiä käyttäen (Windows Live Toolbar) --> MsiExec.exe /X{E14FC354-9ED8-4D79-A7DA-356D66BF5F54}
    Skype 3.0 --> "C:\Documents and Settings\Mikko\My Documents\mikon kansio\Phone\unins000.exe"
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Suomen linnut --> C:\WINDOWS\unin040b.exe -f"C:\Program Files\Suomen linnut\DeIsL1.isu" -c"C:\Program Files\Suomen linnut\_ISREG32.DLL"
    Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{71A52B94-5BF1-4B0A-8098-37A9D495D5D8}
    Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
    The Sims Keräilykokoelma --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0xb -l000b
    Tom Clancy's Splinter Cell 3 - Chaos Theory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41188D27-E354-40A2-9C38-E361E830A9C1}\setup.exe" -l0x9 -removeonly
    Tom Clancy's Splinter Cell Double Agent Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{501BB464-E875-4E1E-9CF4-8C445DDAE01E}\setup.exe" -l0x9 -removeonly
    Tomb Raider: Legend Demo --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\steam\steam.exe" steam://uninstall/7030
    Trophy Hunter 2003 - Rocky Mountain Adventures --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Trophy hunter\Trophy Hunter 2003\unins000.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Viljele --> C:\WINDOWS\uninst.exe -fC:\Pihlajakumpu\Viljele\DeIsL1.isu -cC:\Pihlajakumpu\Viljele\_ISREG32.DLL
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {E33C2495-B60D-4073-80CD-90DC2E66966B}
    Windows Live Toolbar --> MsiExec.exe /X{E33C2495-B60D-4073-80CD-90DC2E66966B}
    Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{2C4BFAFE-F698-421B-8687-4CBF9A5FD5E0}
    Windows Messenger 5.1 --> MsiExec.exe /I{9D1C26BD-E792-4159-9D16-07EA222D8EF0}
    Windows Messenger 5.1 MUI Pack --> MsiExec.exe /I{F3CBA4E6-436E-4B51-9651-93830EE38616}
    Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Documents and Settings\Mikko\omat tiedostot\winrar\uninstall.exe
    WinZip --> "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\WinZip\WINZIP32.EXE" /uninstall
    Wolfenstein - Enemy Territory --> C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\RETURN~1\Uninstall\Unwise.exe /u C:\DOCUME~1\Mikko\OMATTI~1\MIKONK~1\RETURN~1\Uninstall\Install.log


    -- Application Event Log -------------------------------------------------------

    Event ID #3556: Warning
    Event Submitted/Written: 08/05/2007 08:03:42 PM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän FUJITSU\Mikko rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #3555: Error
    Event Submitted/Written: 08/05/2007 06:17:33 PM
    Event Source: Application Error
    Event Description:
    Virhesovellus hl2.exe, versio 0.0.0.0, moduuli studiorender.dll, versio 0.0.0.0, osoite 0x0003197a.
    Käsitellään mediakohtaista tapahtumaa: [hl2.exe!ws!]

    Event ID #3546: Success
    Event Submitted/Written: 08/05/2007 03:41:17 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event ID #3531: Warning
    Event Submitted/Written: 08/05/2007 11:48:03 AM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän FUJITSU\Mikko rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #3509: Success
    Event Submitted/Written: 08/04/2007 00:56:28 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #16007: Error
    Event Submitted/Written: 08/05/2007 08:04:36 PM
    Event Source: Dhcp
    Event Description:
    DHCP-palvelin 192.168.0.1 eväsi IP-osoitteen 81.209.49.187 verkkokortilta, jonka verkko-osoite on 001731FA22C5
    (DHCP-palvelin lähetti DHCPNACK-sanoman).

    Event ID #15966: Error
    Event Submitted/Written: 08/05/2007 00:10:43 PM
    Event Source: Dhcp
    Event Description:
    DHCP-palvelin 192.168.0.1 eväsi IP-osoitteen 81.209.49.187 verkkokortilta, jonka verkko-osoite on 001731FA22C5
    (DHCP-palvelin lähetti DHCPNACK-sanoman).

    Event ID #15935: Error
    Event Submitted/Written: 08/05/2007 11:48:59 AM
    Event Source: Dhcp
    Event Description:
    DHCP-palvelin 192.168.0.1 eväsi IP-osoitteen 81.209.49.187 verkkokortilta, jonka verkko-osoite on 001731FA22C5
    (DHCP-palvelin lähetti DHCPNACK-sanoman).

    Event ID #15892: Warning
    Event Submitted/Written: 08/04/2007 11:54:10 PM
    Event Source: W32Time
    Event Description:
    Aikapalvelu ei ole voinut synkronoida järjestelmän kelloa 49152 sekuntiin, koska
    aikatoimittaja ei ole voinut toimittaa käytettävää aikaleimaa. Järjestelmän kelloa
    ei ole synkronoitu.

    Event ID #15840: Error
    Event Submitted/Written: 08/04/2007 10:14:35 AM
    Event Source: W32Time
    Event Description:
    Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään yhdestä
    aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen ei yritetä
    muodostaa yhteyttä 15 minuuttiin.
    NTP-asiakkaan käytettävissä ei ole tarkkaa aikalähdettä.



    -- End of Deckard's System Scanner: finished at 2007-08-05 at 20:13:46 ---------

    Ja lopuksi vielä HjT-logi:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:18:10, on 5.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\HjT\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4c8e0a08c4974ce899d04c5dca5a44d6
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4c8e0a08c4974ce899d04c5dca5a44d6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://onecare.live.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 7152 bytes
     
    Marzie, Aug 5, 2007
    #5
  6. Auttaja

    Auttaja Guest

    Poista nämä ohjausapaneelin lisää/poista sovelluksen kautta

    BitDownload 1.5.4 --> C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\Uninstall.exe
    CiD Help --> C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1\amendraw.exe -uninstall

    nää kansiot

    C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload
    C:\DOCUME~1\Mikko\APPLIC~1\CREATI~1

    =======

    Lataa HostsXpert.zip:
    [*]Pura HostsXpert sopivaan kansioon, kuten C:\Hoster
    [*]Aja HostsXpert.exe sen uudesta kansiosta
    [*]Klikkaa "Make Hosts Writable?" oikeassa yläkulmassa (jos toiminnassa)
    [*]Klikkaa "Restore Microsoft's Hosts File" ja sitten OK
    [*]Sulje ohjelma.a
    Huomaa: JOS käytit mukautettuja Hosts-filuja, sinun täytyy laitta
    a yksikin niistä riveistä itse takaisin.

    ======

    Lataa Deckard's System Scanner Työpöydällesi.

    Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

    [*]Sulje kaikki avoimet ikkunat ja ohjelmat.
    [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
    [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
    [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
    [*]kopioi ja liitä Main.txt sisältö seuraavaan vastaukseesi.
     
    Last edited by a moderator: Aug 5, 2007
    Auttaja, Aug 5, 2007
    #6
  7. Marzie

    Marzie Member

    Joined:
    Aug 4, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Deckard's System Scanner v20070804.61
    Run by Mikko on 2007-08-06 at 11:40:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Mikko.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:30, on 6.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\documents and settings\mikko\omat tiedostot\mikon kansio\steam\steamapps\makko90\counter-strike source\hl2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Mikko\omat tiedostot\Vastaanotetut tiedostot\dss.exe
    C:\HjT\HIJACK~2\Mikko.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?4c8e0a08c4974ce899d04c5dca5a44d6
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?4c8e0a08c4974ce899d04c5dca5a44d6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://onecare.live.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 7374 bytes

    -- Files created between 2007-07-06 and 2007-08-06 -----------------------------

    2007-08-06 11:32:10 0 d-------- C:\hoster
    2007-08-05 20:04:41 0 d-------- C:\Documents and Settings\Mikko\Application Data\Comodo
    2007-08-05 20:04:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2007-08-05 20:01:51 0 d-------- C:\Program Files\Comodo
    2007-08-05 12:09:04 0 d-------- C:\NoLopBackups
    2007-08-05 11:46:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-08-03 21:28:30 0 d-------- C:\Documents and Settings\Mikko\Application Data\Lavasoft
    2007-07-21 12:49:15 0 d-------- C:\Program Files\EA GAMES


    -- Find3M Report ---------------------------------------------------------------

    2007-08-05 12:41:34 4356 --a------ C:\Documents and Settings\Mikko\Application Data\wklnhst.dat
    2007-08-03 19:56:10 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-02 17:47:01 0 d-------- C:\Documents and Settings\Mikko\Application Data\LimeWire
    2007-07-24 18:15:55 0 d-------- C:\Documents and Settings\Mikko\Application Data\Template
    2007-07-06 22:22:19 2067 --a------ C:\Documents and Settings\Mikko\Application Data\HPSU_48BitScanUpdate.log
    2007-07-06 22:10:07 348 --a------ C:\Documents and Settings\Mikko\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
    2007-07-06 22:10:03 0 --a------ C:\Documents and Settings\Mikko\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
    2007-07-06 22:09:52 2797 --a------ C:\Documents and Settings\Mikko\Application Data\PatchUpdate_InstantShareJPG.log
    2007-07-06 22:09:43 3558 --a------ C:\Documents and Settings\Mikko\Application Data\PatchUpdate_IZClosingDiscError.log
    2007-07-06 22:05:11 46566 --a------ C:\Documents and Settings\Mikko\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2007-07-06 22:03:12 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
    2007-07-06 21:59:09 0 d-------- C:\Documents and Settings\Mikko\Application Data\Skype
    2007-06-12 15:50:29 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
    2007-05-14 18:40:19 720 --a------ C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05.08.2005 14:56]
    "RTHDCPL"="RTHDCPL.EXE" [28.06.2006 15:54 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [16.05.2006 19:04 C:\WINDOWS\SkyTel.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 13:22]
    "nwiz"="nwiz.exe" [22.10.2006 12:22 C:\WINDOWS\system32\nwiz.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11.05.2005 23:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [27.04.2007 13:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25.10.2006 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.10.2006 10:36]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [14.05.2007 18:39]
    "NvMediaCenter"="NvMCTray.dll" [22.10.2006 13:22 C:\WINDOWS\system32\nvmctray.dll]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [05.08.2007 20:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10.08.2004 15:00]
    "Steam"="" []
    "BitDownload"="C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11.5.2005 23:23:26]
    HP Image Zone -pikak„ynnistys.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12.5.2005 0:49:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\AUTORUN.EXE




    -- End of Deckard's System Scanner: finished at 2007-08-06 at 11:40:48 ---------
     
    Marzie, Aug 6, 2007
    #7
  8. Auttaja

    Auttaja Guest

    O4 - HKCU\..\Run: [BitDownload] "C:\Documents and Settings\Mikko\omat tiedostot\mikon kansio\Return to Castle Wolfenstein\koodit\BitDownload\BitDownload.exe" /minimized

    fixaa tää hjtllä (avaa hjt, merkkaa ja paina fix checked)

    ======

    Pysy puhtaana

    -> Tyhjennä järjestelmänpalautus Ohjeet
    Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

    -> Käytä CCleaneria -> CCleaner
    Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

    -> Asenna SpywareBlaster -> SpywareBlaster
    SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
    Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

    -> Asenna MVPS Hosts tiedosto -> MVPS Hosts
    Estää koneesi yhteyden haitallisiin sivustoihin.
    Opas saatavilla suomeksi! Nimimerkki Axelin opas

    -> Vaihda selaimesi Firefoxiin -> Firefox
    Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

    -> Pidä järjestelmäsi ajantasalla. -> Windows Update
    Vieraile Windows Updatessa säännöllisesti.

    -> Pidä palomuuri ja virustorjunta ajantasalla
    Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
    ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

    ->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
    Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

    ->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

    Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!
     
    Auttaja, Aug 7, 2007
    #8
  9. smake

    smake Member

    Joined:
    Aug 7, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    11

     
    Last edited: Aug 7, 2007
    smake, Aug 7, 2007
    #9
  10. Auttaja

    Auttaja Guest

    Avaappa oma ketju aiheellesi ja editoi viesti pois tästä ketjusta.. kiitos.. smake..
     
    Auttaja, Aug 7, 2007
    #10

Share This Page