Hi. So the computer is slow to start up and slow in general... could someone give me some help? The machine has had eTrust's Internet Security Suite on it for a year now, F-Secure before that..

Logfile of HijackThis v1.99.1
Scan saved at 22:02:29, on 26.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ismo\Local Settings\Temporary Internet Files\Content.IE5\5RCJSR93\HijackThis_v1.99.1[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://chatserver.suomi24.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://chatserver.suomi24.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/english/cyberstore/audiopack/xp_audio/ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108839934646
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167648930609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I already removed some strange chat servers. The aim is to get the machine running as well as possible without anything unnecessary.. Thanks in advance
C:\Documents and Settings\ismo\Local Settings\Temporary Internet Files\Content.IE5\5RCJSR93\HijackThis_v1.99.1[1].exe
That should be moved from there into its own folder, like this:
C:\HJT\HijackThis_v1.99.1[1].exe
If that doesn't work, remove it via Add/Remove Programs and download it again.
Download HJT from here: http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe
Install it, clicking through in numerical order: 1. Unzip 2. OK 3. Close
Scan by clicking > Do a system scan and save a logfile
Copy the HJT log from the Notepad window that pops up and post it here.

How important is that Yahoo! to you? I would remove it from the machine first, via Add/Remove Programs, and then delete the Yahoo! folder in safe mode.

Then I would scan the machine with eScan. The instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this: Use the command Ctrl+A. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V. Post the virus log here.

Then one more thing, in safe mode:

Instructions for using AVG Anti-Spyware 7.5
Note! In these instructions the real-time protection (Shield) is turned off. This avoids situations where the protection would block, for example, the HijackThis tool from working.
Save these instructions to a text file or print them; otherwise you won't be able to get at them from safe mode.
Download AVG Anti-Spyware 7.5 from http://www.ewido.net/en/download/ and save the program to your desktop.
• Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
• After installation, the program must be started and its signatures updated.
• Start AVG Anti-Spyware.
• Click the "Update" icon in the main menu. Then click the "Update now" button.
o Then click the "Start Update" icon, and the update begins.
• Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
• Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
• Then, under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"
• Then click the "Shield" icon at the top of the window.
• "Resident shield is": change the state from active to inactive.
• Close the program. Do NOT scan yet.
Boot your computer into safe mode: shut down and start it, tap F8 during startup, select safe mode with the arrow keys, then press Enter and Enter again.
NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
• Once in safe mode, start AVG Anti-Spyware.
• Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
• Ewido now starts scanning the computer; be patient, as the scan takes time.
When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
• Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
• You will be asked what to do if infections were found; in that case select "Apply all actions"
• Then click the "Reports" icon at the top of the program.
• Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
• Close the program, start the computer normally and post the AVG report in your thread.

I would scan with HJT, tick this entry and press Fix checked:
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
Start > Run: I would type the lines below and press Enter after each line
sc stop NipSvc
sc delete NipSvc
Then I would post the logs here.
Once confirmed by the HJT log, I would install Firefox on the machine from here and make it the default browser: Firefox link
OK, I removed Yahoo, and I already had HijackThis saved, so I ran it...

Logfile of HijackThis v1.99.1
Scan saved at 21:02:09, on 27.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijack this\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/english/cyberstore/audiopack/xp_audio/ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108839934646
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167648930609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hello to the experts. OK.. things continued like this: nothing showed up in the lower pane of the eScan scan. Today I then started the machine normally and downloaded and saved AVG 7.5 to the desktop according to the instructions, and then I tried to start in safe mode, but that doesn't work; this text appears: "Windows ei käynnistynyt oikein, tämä saattaa johtua laitteisto- tai ohjelmistomuutoksesta järjestelmässä." (Windows did not start correctly; this may be due to a hardware or software change in the system.) So that's how it is, phew. What now... some more help?
Ok...

Logfile of HijackThis v1.99.1
Scan saved at 21:59:39, on 1.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack this\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O15 - Trusted Zone: http://koti.mbnet.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/english/cyberstore/audiopack/xp_audio/ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108839934646
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167648930609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan with HJT, check the following entry and press Fix checked:
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
Start > Run, type the lines below and press Enter after each line:
sc stop NipSvc
sc delete NipSvc
In safe mode, delete the folder C:\Norman
Shut down and restart.
Try AVG Anti-Spyware again.
Would this be of any help... the beginning of the mwav log... a couple of ERROR texts in there caught my attention...
Tue Feb 27 22:16:19 2007 => ERROR!!! Invalid Entry \SystemRoot\system32\drivers\av5flt.sys in SYSTEM\CurrentControlSet\Services\AvFlt...
Tue Feb 27 22:16:28 2007 => ERROR!!! Invalid Entry C:\Norman\Nvc\BIN\nipsvc.exe in SYSTEM\CurrentControlSet\Services\NipSvc...
OK.. this is about to get interesting.. I still couldn't get into safe mode. I did the Start and Run step, copied the text and pressed Enter, and the same for the second text; a window flashed briefly on the screen, and then I tried safe mode, but no, same thing as before... I still can't get in. Help, please.. and a bow.
Yes, it is supposed to flash by, if that's what you mean. Post an HJT log.
To get into safe mode: shut down and restart, keep tapping the F8 key during startup, select safe mode with the arrow keys, press Enter and Enter again, choose your user account, and when a small window appears again, press OK.
What happens when you do that?
Here is the HijackThis log; I'll try to get into safe mode in a moment.
Logfile of HijackThis v1.99.1
Scan saved at 19:53:16, on 2.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack this\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O15 - Trusted Zone: http://koti.mbnet.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/english/cyberstore/audiopack/xp_audio/ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108839934646
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167648930609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan with HJT, check the following entry and press Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Download Atribune's ATF Cleaner.
Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.
If you use Firefox as your browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)
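Both "Fix checked" targets named in this thread, the NipSvc service marked (file missing) and the BHO marked (no file), are entries whose target file no longer exists. The following Python script is an added example, not part of the original posts and not HijackThis code; it lists such entries from a log and prints the cleanup steps the replies above give for them. The sample lines are copied from the logs in this thread, and the function names are hypothetical.

```python
"""Flag HijackThis entries whose target file is gone (added example)."""
import re
from typing import List, NamedTuple, Optional

# Section codes that open a HijackThis entry: R0-R3, F0-F3, N1-N4, O1-O23.
SECTION = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Split before every "<code> - ", so a log pasted as one run of text is
# handled the same way as a log with one entry per line.
SPLIT_RE = re.compile(r"\s+(?=" + SECTION + r" - )")
ENTRY_RE = re.compile(r"^(" + SECTION + r") - (.*)$", re.S)
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)$")


class Entry(NamedTuple):
    section: str            # e.g. "O23"
    text: str               # entry body, whitespace-normalised
    orphan: Optional[str]   # "file missing", "no file" or None
    service: Optional[str]  # service name for O23 entries, else None


def service_name(text: str) -> Optional[str]:
    """Service name from 'Service: Display (Name) - Owner - path'.

    Assumption: when no parenthesised name follows the display name,
    the display name itself is the service name.
    """
    if not text.startswith("Service: "):
        return None
    label = text[len("Service: "):].split(" - ", 1)[0].strip()
    short = re.search(r"\(([^()]+)\)$", label)
    return short.group(1) if short else label


def parse_log(log: str) -> List[Entry]:
    """Return the R/F/N/O entries; header and process list are skipped."""
    entries = []
    for chunk in SPLIT_RE.split(log.strip()):
        m = ENTRY_RE.match(chunk)
        if not m:
            continue
        section, text = m.group(1), " ".join(m.group(2).split())
        marker = ORPHAN_RE.search(text)
        entries.append(Entry(
            section, text,
            marker.group(1) if marker else None,
            service_name(text) if section == "O23" else None,
        ))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file that no longer exists."""
    return [e for e in entries if e.orphan]


def cleanup_steps(entry: Entry) -> List[str]:
    """Steps as given in the thread: sc for services, Fix checked otherwise."""
    if entry.orphan is None:
        return []
    if entry.service:
        name = f'"{entry.service}"' if " " in entry.service else entry.service
        return [f"sc stop {name}", f"sc delete {name}"]
    return [f"HijackThis: check '{entry.section} - {entry.text}', Fix checked"]


# Lines copied from the logs posted in this thread.
SAMPLE_LINES = [
    r"Logfile of HijackThis v1.99.1",
    r"Running processes:",
    r"C:\WINDOWS\Explorer.EXE",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)",
    r"O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe",
    r"O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)",
]
SAMPLE = " ".join(SAMPLE_LINES)  # one run of text, as the logs appear here

if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE)):
        print(f"{e.section}: {e.text}")
        for step in cleanup_steps(e):
            print("    " + step)
```

An orphaned entry is only a candidate for cleanup: confirm that the owning product was really uninstalled before deleting its service, as was the case for Norman here.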
OK, I first tried safe mode; it doesn't work, same thing as yesterday, i.e.: Windows did not start properly, etc... I just ran ATF Cleaner and it has freed 191, 000 MBs
Hi Hujo, would you still have the energy to help..? What on earth is getting stuck there, since I can't get into safe mode? I don't understand it at all. Is there any point in running AVG in normal mode?