Eli koneeni alkoi tökkiä. Ensiksi F-seccure(soneran kautta)alkoi herjaamaan että "virustunnisteet ovat todella vanhoja" vaikka se päivittää niitä. Sit äsken kone alkoi käynnistyä itsekseen uudelleen ja käynnistyi siihen asti että sai taustakuvan ladattua ja sen jälkeen sama homma. Ajoin äsken tuon Hijacthis ohjelman läpi (do the system scan only, mutta kun en ihan varmasti ymmärrä mitä siinä on niin laitan sen tänne liitteeksi jottei tule tehtyä kämmiä! Eli kertokaahan viisaammat mitä siitä käy ilmi ! Logfile of HijackThis v1.99.1 Scan saved at 20:29:06, on 2.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Documents and Settings\HP_Omistaja\Työpöytä\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Moron! ========= Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa. O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - Tässä ohje miten merkataan: ========== Skannaa koneesi Ewido Online Scannerilla * Lataa Ewido_micro.exe tästä. * Tallenna tiedosto esimerkiksi työpöydälle. * Tuplaklikkaa Ewido_micro.exeä työpöydälläsi. * Ewido alkaa samantien päivittämään tunnisteitaan. Tässä voi mennä hetki. * Kun päivitykset on ladattu, varmista että kaikki kohdat ovat rastitettuja ikkunan vasemmassa laidassa. * Klikkaa vasemmalla alhaalla olevaa Start Scan -nappia. * Scannaus alkaa. Tässä voi kestää jonkun aikaa, riippuen tiedostojen määrästä. * Kun skannaus on valmis ja löytyneitä kohteita on, niin varmista, että kaikkien kohteiden vasemmalla puolella olevissa kohdissa on rastit. * Klikkaa Save report -nappia ja tallenna raportti vaikka työpöydälle. * Klikkaa Remove Infections -nappia. * Kun vastaat aukeavaan ilmoitukseen ok, niin kaikki saastuneet tiedostot poistetaan. * Poiston jälkeen voit sammuttaa Ewido Online Scannerin painamalla yläkulmassa olevaa punaista rastia. * Käynnistä kone nyt uudelleen ja postita tallentamasi raportti viestiketjuusi ========== Loistava ohje tietokoneeen nopeuttamiseksi http://neko.1g.fi/ohje/hidastelua.html ========== Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi! Javan päivitys ja välimuistin tyhjennys: 1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa. 2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... ) Niissä pitäisi olla seuraava kuva vieressä: 3. Valitse kaikki entiset Java versiosi ja valitse Poista. 4. Asenna uusin Java päivitys seuraavasta linkistä.. 5. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/downloads/index.jsp tai http://www.filehippo.com/download_java_runtime/ Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2 Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Varmista että kaikki kaksi valintaa ovat rastitettuja: *Applications and Applets *Trace and Log Files Ja paina OK -nappia 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Klikkaa OK jättääksesi Java asetusikkunasi. ========== Lataa Deckard's System Scanner Työpöydällesi. Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman. [*]Sulje kaikki avoimet ikkunat ja ohjelmat. [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita. [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V ) [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi. ja ewido online skannerin raportti
Tässä tulee ewidon loki: __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.2o7 Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CA52NB8R.txt Risk: Medium Name: TrackingCookie.Statistik-gallup Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CA7KSD2F.txt Risk: Medium Name: TrackingCookie.2o7 Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CABHN1IF.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.6:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\g38q55cn.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.7:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\g38q55cn.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.26:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\g38q55cn.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.27:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\g38q55cn.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.28:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\g38q55cn.default\cookies.txt Risk: Medium Name: Adware.Altnet Path: C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\asmfiles.cab/asm.exe Risk: Medium Name: Adware.Altnet Path: C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\asmfiles.cab/asmps.dll Risk: Medium Ja tässä tulee Deckard's System loki main: Deckard's System Scanner v20070804.61 Run by HP_Omistaja on 2007-08-06 at 20:40:36 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 12: 2007-08-06 17:40:41 UTC - RP451 - Deckard's System Scanner Restore Point 11: 2007-08-06 16:20:54 UTC - RP450 - Installed Java(TM) 6 Update 2 10: 2007-08-06 16:16:47 UTC - RP449 - Removed J2SE Runtime Environment 5.0 Update 6 9: 2007-08-06 16:15:22 UTC - RP448 - Removed J2SE Runtime Environment 5.0 8: 2007-08-06 15:38:42 UTC - RP447 - Järjestelmän tarkistuspiste -- First Restore Point -- 1: 2007-11-30 14:49:57 UTC - RP440 - Järjestelmän tarkistuspiste Backed up registry hives. Performed disk cleanup. -- HijackThis (run as HP_Omistaja.exe) ----------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:42:45, on 6.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\rundll32.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\HP_Omistaja\Työpöytä\dss.exe C:\DOCUME~1\HP_OMI~1\TYPYT~1\HP_Omistaja.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q305&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\sonera tietoturva\fsps\program\fslsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- HijackThis Fixed Entries (C:\DOCUME~1\HP_OMI~1\TYPYT~1\backups\) ------------ backup-20070806-191037-561 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S1 intelppm (Intel-suoritinohjain) - c:\windows\system32\drivers\intelppm.sys (file missing) S2 MEUHFOYN - c:\windows\system32\meuhfoyn.qar (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Wireless LAN PCI 802.11 a/b/g adapter WN5401A Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&00A4 Manufacturer: Liteon Name: Wireless LAN PCI 802.11 a/b/g adapter WN5401A PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&00A4 Service: WN5401 Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia Windows Portable Device Driver Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia N70 PNP Device ID: ROOT\WPD\0000 Service: WUDFRd Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia N70 Device ID: ROOT\WPD\0001 Manufacturer: Nokia Name: Nokia N70 PNP Device ID: ROOT\WPD\0001 Service: WUDFRd -- Scheduled Tasks ------------------------------------------------------------- 2007-08-06 19:43:09 266 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job 2006-04-16 23:45:20 304 --a------ C:\WINDOWS\Tasks\WebReg psc 1600 series.job -- Files created between 2007-07-06 and 2007-08-06 ----------------------------- 2007-12-02 22:01:41 0 d-------- C:\Program Files\RegCleaner 2007-12-02 19:14:44 0 d-------- C:\Documents and Settings\HP_Omistaja\.housecall6.6 2007-11-30 21:28:10 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2007-11-30 21:27:32 0 d-------- C:\Program Files\Sonera Tietoturva 2007-11-30 21:27:19 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg 2007-08-06 19:20:57 0 d-------- C:\Program Files\Java 2007-08-06 19:20:55 0 d-------- C:\Program Files\Common Files\Java 2007-08-02 21:31:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-07-08 20:05:32 32768 --a------ C:\WINDOWS\system32\FrogASPI.DLL <Not Verified; Frog ASPI / Millenod; frogaspi.dll> 2007-07-08 20:05:30 86016 --a------ C:\WINDOWS\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32> -- Find3M Report --------------------------------------------------------------- 2007-12-01 22:15:33 0 d-------- C:\Program Files\Windows Live Safety Center 2007-08-06 19:20:55 0 d-------- C:\Program Files\Common Files 2007-08-02 21:35:26 365666 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-08-02 21:35:26 70106 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-07-24 08:31:41 0 d-------- C:\Program Files\DC++ 2007-06-29 21:44:20 0 d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Skype 2007-06-27 20:23:21 0 d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Ahead 2007-05-29 18:48:47 66992 --a------ C:\Documents and Settings\HP_Omistaja\Application Data\NMM-MetaData.db 2007-05-27 16:56:07 10 --a------ C:\WINDOWS\smdat32m.sys -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07.05.1998 19:04] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24.02.2005 17:32] "nwiz"="nwiz.exe" [24.02.2005 17:32 C:\WINDOWS\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [29.06.2004 20:06 C:\WINDOWS\AGRSMMSG.exe] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [07.06.2004 22:34] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [07.06.2004 22:29] "KBD"="C:\HP\KBD\KBD.EXE" [03.02.2005 01:44] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [14.10.2004 00:04] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14.04.2004 23:43] "PS2"="C:\WINDOWS\system32\ps2.exe" [26.10.2004 00:17] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [14.10.2004 23:54] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [14.12.2004 02:23] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08.10.2004 12:52] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [18.01.2005 18:47] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [18.01.2005 18:37] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01.01.2005 23:46] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.03.2007 13:20] "F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [26.04.2007 20:12] "F-Secure TNB"="C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" [26.04.2007 20:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [16.06.2006 14:38] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [18.01.2005 18:07] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 17:45] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [22.4.2007 15:13:06] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5.11.2004 3:28:24] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [14.2.2006 19:51:53] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17.2.1999 21:05:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc -- End of Deckard's System Scanner: finished at 2007-08-06 at 20:44:11 --------- ja toinen extra Deckard's System Scanner v20070804.61 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: AMD Athlon(tm) 64 Processor 3200+ Percentage of Memory in Use: 43% Physical Memory (total/avail): 1022.48 MiB / 577.81 MiB Pagefile Memory (total/avail): 2458.92 MiB / 2051.77 MiB Virtual Memory (total/avail): 2047.88 MiB / 1950.71 MiB C: is Fixed (NTFS) - 180.3 GiB total, 132.19 GiB free. D: is Fixed (FAT32) - 5.99 GiB total, 2.43 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: Sonera Tietoturva 7.00 v7.00 (F-Secure Corporation) AV: Sonera Tietoturva 7.00 v7.00 (F-Secure Corporation) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Suorita DLL sovelluksena" "C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd" "C:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"="C:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 5" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp:*:Enabled:Kazaa Lite" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*isabled2P Networking" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Omistaja\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-B62381BA23 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Omistaja LOGONSERVER=\\YOUR-B62381BA23 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\PROGRA~1\MICROS~2\Office PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2f02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp USERDOMAIN=YOUR-B62381BA23 USERNAME=HP_Omistaja USERPROFILE=C:\Documents and Settings\HP_Omistaja windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- HP_Omistaja (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0.8 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70500000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Agere Systems PCI Soft Modem --> agrsmdel Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{AD211425-49BE-48D4-889C-C614DA6AC4AD} Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033 Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E} Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614} Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74} Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{954BF446-BBC9-42CC-87A6-EBF0D55CA19A} Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEB416DB-4FA9-42B6-84D3-1E0081300C9E} Canon PhotoRecord --> MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3} Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED} Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA} Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA} Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} Data Access Objects (DAO) 3.5 --> C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL1.isu DC++ 0.674 --> "C:\Program Files\DC++\uninstall.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" HijackThis 1.99.1 --> C:\Documents and Settings\HP_Omistaja\Työpöytä\HijackThis.exe /uninstall Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat HP Photosmart -kamerat 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1} HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9} IFI OnlineFoto --> C:\PROGRA~1\IFI\ONLINE~1\UNWISE.EXE C:\PROGRA~1\IFI\ONLINE~1\INSTALL.LOG InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Ipswitch WS_FTP Home 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9 iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} KBD --> C:\HP\KBD\KBD.EXE uninstalled Lisäohjeet ja -tuki --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0xb UNINSTALL Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9 Logitech® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 Professional --> MsiExec.exe /I{0001040B-78E1-11D2-B60F-006097C998E7} Microsoft Publisher 98 --> C:\Program Files\Microsoft Office\Office\Asennus\Asenna.exe /m Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Namo WebEditor 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0696CA8-CD01-4E27-BB5E-702CA0A9ED29}\setup.exe" Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fin_web[1].exe /LANG="1035" Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{E9B3A621-DCC5-4649-940C-6456CF0AF9DA} Outlook-työkalurivi (Windows Live Toolbar) --> MsiExec.exe /X{EB36F61F-53CD-4813-BB7F-75B16AAC1713} PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} Photosmart 320,370,7400,8100,8400 Series (fin) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Ponnahdusikkunoiden esto (Windows Live Toolbar) --> MsiExec.exe /X{7A888168-7E7D-477C-9490-24CEB079435B} PS2 --> C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Samsung CamCorder Driver --> C:\WINDOWS\Uninstall.exe Samsung Video Codec 1.1 Uninstall --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SMP4 132 C:\WINDOWS\INF\install.inf Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sonera Tietoturva --> "C:\Program Files\Sonera Tietoturva\FSGUI\PostInstall.exe" /tUnInstall Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{71A52B94-5BF1-4B0A-8098-37A9D495D5D8} The Coke Caps --> "C:\Program Files\TheCokeCaps\Uninstall.exe" "C:\Program Files\TheCokeCaps\install.log" Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Windows Live Messenger --> MsiExec.exe /I{82EE6040-0E3E-492C-AE37-7490B8A4DC45} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {E3D3E095-750A-4A43-91A0-7285DC5C79BF} Windows Live Toolbar --> MsiExec.exe /X{E3D3E095-750A-4A43-91A0-7285DC5C79BF} Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{2C4BFAFE-F698-421B-8687-4CBF9A5FD5E0} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf WinRAR-pakkausohjelma --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event ID #7667: Success Event Submitted/Written: 08/06/2007 08:26:19 PM Event Source: usnsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event ID #7666: Error Event Submitted/Written: 08/06/2007 07:46:59 PM Event Source: F-Secure Anti-Virus Event Description: 1 2007-08-06 19:46:58+03:00 your-b62381ba23 YOUR-B62381BA23\HP_Omistaja F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: RiskTool.Win32.PsKill Object: C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP441\A0049706.exe Event ID #7663: Warning Event Submitted/Written: 08/06/2007 07:24:16 PM Event Source: Userenv Event Description: Windows tallensi käyttäjän YOUR-B62381BA23\HP_Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä. Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi. Event ID #7654: Success Event Submitted/Written: 08/06/2007 07:00:10 PM Event Source: usnsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event ID #7651: Warning Event Submitted/Written: 08/06/2007 09:42:42 AM Event Source: Userenv Event Description: Windows tallensi käyttäjän YOUR-B62381BA23\HP_Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä. Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event ID #31960: Error Event Submitted/Written: 08/06/2007 07:17:17 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #31957: Error Event Submitted/Written: 08/06/2007 07:17:17 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #31954: Error Event Submitted/Written: 08/06/2007 07:17:17 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #31951: Error Event Submitted/Written: 08/06/2007 07:17:17 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #31948: Error Event Submitted/Written: 08/06/2007 07:17:17 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 -- End of Deckard's System Scanner: finished at 2007-08-06 at 20:44:11 --------- Tällaisiako pyysit ?
kyll Lataa LSPFix.exe http://www.cexx.org/lspfix.htm sopivaan kansioon. Vaikkapa työpöytä tai Program Files. ÄLÄ aja tätä ohjelmaa vielä; tätä tulee käyttää VAIN jos Kazaan poistamisen jälkeen katoaa nettiyhteys. Seuraavaksi lataa KazaaBegone.zip http://www.spywareinfo.com/~merijn/files/kazaabegone.zip , ja unzippaa se sopivaan kansioon, esim Program Fileseihin omaan kansioon (esim C:\Program Filea\KazaaBegone) Nyt käynnistä KazaaBegone; * Tupla-klikkaa KazaaBegone kansiosta johon sen purit. * Valitse Search & destroy all installed components * Klikkaa Go * Sulje KazaaBegone JOS menetät nettiyhteytesi kun olet Kazaan poistanut, tupla-klikkaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta. Näet kaksi paneelia; Jos on jotain listattu "Remove" paneeliin oikealla puolella, anna sen olla ja klikkaa "Finish>>". Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin. Jos mitään ei ole listattu "Remove" paneeliin, ÄLÄ tee MITÄÄN - sulje LSPFix. Tule joltain toiselta koneelta hakemaan lisää neuvoa. (Tämä on vain varotoimenpide, useimmiten netti pysyy ihan kunnossa) ======== Kaspersky online-skanneri Skannaa koneesi Kaspersky Online Skannerilla Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä. [*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen. [*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next. [*] Klikkaa nyt asetuksia, Scan Settings [*] Tarkista asetuksista, että seuraavat ovat valittuina: o Scan using the following Anti-Virus database: + Extended (Jos valittavissa, muuten valitse Standard) o Scan Options: + Scan Archives + Scan Mail Bases [*] Klikkaa OK [*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer [*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut. [*] Klikkaa nyt Save as Text-painiketta. [*] Tallenna tiedosto työpöydällesi. [*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.
Taas olisi tehty kuten edellä käskit. alla on kasperskyn raportti. Miltä näyttää ?! Wednesday, August 08, 2007 11:00:50 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 8/08/2007 Kaspersky Anti-Virus database records: 377012 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan Statistics Total number of scanned objects 96274 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 01:32:18 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped C:\Documents and Settings\HP_Omistaja\Cookies\index.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007080820070809\index.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Omistaja\NTUSER.DAT Object is locked skipped C:\Documents and Settings\HP_Omistaja\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Sonera Tietoturva\Anti-Virus\dbupdate.log Object is locked skipped C:\Program Files\Sonera Tietoturva\Anti-Virus\deleteme_msg.log Object is locked skipped C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped C:\Program Files\Sonera Tietoturva\Anti-Virus\perf.dat Object is locked skipped C:\Program Files\Sonera Tietoturva\Anti-Virus\power.dat Object is locked skipped C:\Program Files\Sonera Tietoturva\Common\policy.bpf Object is locked skipped C:\Program Files\Sonera Tietoturva\Common\policy.ipf Object is locked skipped C:\Program Files\Sonera Tietoturva\FSAUA\fsbwupst.log Object is locked skipped C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.dbg Object is locked skipped C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP452\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{112D356F-6D41-4B6F-AE89-656A7468A9CE}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\AVP840C.tmp Object is locked skipped C:\WINDOWS\Temp\AVP840D.tmp Object is locked skipped C:\WINDOWS\Temp\AVP8410.tmp Object is locked skipped C:\WINDOWS\Temp\AVP8411.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
C:\WINDOWS\system32\meuhfoyn.qar Laita piilotiedostot näkyviin ja tarkistuksen jälkeen piiloon takaisin http://www.virustotal.com/ Mene tuonne sivulle ja lataa tiedosto käyttämällä "selaa" toimintoa. Jos palvelu on ruuhkautunut käytä http://virusscan.jotti.org/ Laita tulos seuraavaan vastaukseen... jos ei löydy ======== Pysy puhtaana -> Tyhjennä järjestelmänpalautus Ohjeet Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä. -> Käytä CCleaneria -> CCleaner Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti. -> Asenna SpywareBlaster -> SpywareBlaster SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia! Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas -> Asenna MVPS Hosts tiedosto -> MVPS Hosts Estää koneesi yhteyden haitallisiin sivustoihin. Opas saatavilla suomeksi! Nimimerkki Axelin opas -> Vaihda selaimesi Firefoxiin -> Firefox Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer. -> Pidä järjestelmäsi ajantasalla. -> Windows Update Vieraile Windows Updatessa säännöllisesti. -> Pidä palomuuri ja virustorjunta ajantasalla Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi. ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm ->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja. ->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!
Enpäs löydä kyseistä C:\WINDOWS\system32\meuhfoyn.qar mistään koneeltani, vaikka laitoin että näytä piilotetut tiedostot ja kansiot.
