So my folks' computer is lagging really badly, so I'm posting a log in case it can be cleaned of bugs, since they are being found, and a LOT of them....
Logfile of HijackThis v1.99.1
Scan saved at 11:18:10, on 1.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Open HijackThis, click "Do a system scan only" and check these:
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
Close all other open windows and click "Fix checked".
Start your computer in Safe Mode by tapping F8 during startup.
Delete the following files in Safe Mode:
C:\WINDOWS\System32\->kernels32.exe
C:\WINDOWS\System\->svchost.exe <- Note! The file is in the System folder, not in the System32 folder, where the good svchost file is.
Restart your computer normally to get back to normal mode.
Post a new HijackThis log.
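The check behind the svchost.exe note in the reply above, as an added example that is not part of the original post: it parses HijackThis O4 autostart lines and reports any entry that uses the name of a core Windows process from a folder other than that process's normal home. The function names and the EXPECTED_DIR table are assumptions of this example (a default C:\WINDOWS install, with the core processes that HijackThis lists under "Running processes"); the sample lines are the three entries the reply lists plus benign entries in the same format.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Assumption: Windows lives in C:\WINDOWS. Each core process name is mapped
# to the only folder it is expected to start from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - <source>: [<value name>] <command>"  or
# "O4 - <source>: <shortcut>.lnk = <command>"
O4_RE = re.compile(
    r"^O4 - (?P<source>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<command>.+)$"
)
# A quoted path, or an unquoted one (possibly with spaces) up to the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(
    r'"([^"]+)"|(\S.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.IGNORECASE
)


class Finding(NamedTuple):
    source: str        # e.g. HKLM\..\Run
    name: str          # registry value name or shortcut name
    path: str          # executable path as written in the log
    expected_dir: str  # where a file with that name normally lives


def extract_executable(command: str) -> Optional[str]:
    """Return the program part of an autostart command line, without arguments."""
    match = EXE_RE.match(command.strip())
    if not match:
        return None
    return match.group(1) or match.group(2)


def find_masquerades(log_text: str) -> list:
    """Flag O4 entries that reuse a core process name from an unexpected folder."""
    findings = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # not an autostart (O4) line
        name, command = match.group("name"), match.group("command")
        if name is None and " = " in command:
            # Startup-folder form: "Shortcut.lnk = C:\path\program.exe"
            name, command = command.split(" = ", 1)
        exe = extract_executable(command)
        if not exe:
            continue
        directory, basename = ntpath.split(ntpath.normpath(exe))
        expected = EXPECTED_DIR.get(basename.lower())
        # Entries without a directory are resolved through the search path
        # and cannot be judged from the log alone, so they are skipped.
        if expected and directory and directory.lower() != expected:
            findings.append(Finding(match.group("source"), name or "", exe, expected))
    return findings


# Sample input: the three entries from the reply plus benign entries in the same format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\4119343\Program\fspex.exe
"""

if __name__ == "__main__":
    for f in find_masquerades(SAMPLE_LOG):
        print(f"{f.source} [{f.name}] {f.path} (expected in {f.expected_dir})")
```

Only the WindowsUpdate entry is reported; kernels32.exe does not reuse an existing process name, so a location check like this one does not catch it.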
Sorry, it took a while to reply, but here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 15:58:52, on 8.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Those two files were no longer found in Safe Mode?! Is that normal?
The log is clean now. Those files indeed aren't always found, because so-called empty values can be left behind in the registry.
One more thing I'd like to ask: what could be going on when I try to open Windows' own firewall and it says "the settings cannot be modified because of an unidentified problem"???
I can't say, but if you suspect there is still malware on the machine, post a WinPFind log:
Download WinPFind to your desktop. http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip
Extract the contents of WinPFind.zip (the WinPFind folder) to the root of the C drive.
Then go to the folder C:\WinPFind and double-click the file WinPFind.exe; the program starts.
Click the Start Scan button and wait until the scan is finished. The program scans a very large number of files, looking for matches with files typical of malware, so be patient and let the program scan. The scan may take even more than 30 minutes.
When the scan is finished, the program shows the scan result. Click the Copy to Clipboard button; the result is copied to the clipboard.
Then open Notepad and paste the result into it, and save the document to the desktop under the name WinPFind-loki. Then paste the contents of this document into your thread.
Note! Not all of the listed items are necessarily malware.
Here is this second log:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Etv hkey HKCU command C:\WINDOWS\Etv.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tla key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Dch hkey HKLM command C:\WINDOWS\System32\Dch.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Dch hkey HKLM command C:\WINDOWS\System32\Dch.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uoo key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Hcb hkey HKLM command C:\WINDOWS\System32\Hcb.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Hcb hkey HKLM command C:\WINDOWS\System32\Hcb.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Voc key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Plg hkey HKLM command C:\WINDOWS\Plg.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Plg hkey HKLM command C:\WINDOWS\Plg.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. 
Scan completed on 8.7.2006 18:05:49
Yeah, I suspected as much, since it lags all the time... I'll wait, there's no real hurry with this, since it has been like this for some 3-5 months already.
First, download eScan from here: http://koti.mbnet.fi/pattaya1/escanmwav.htm Read the instructions carefully and update the definitions, but there is no need to scan until you are told to. Copy the text in the quote into Notepad. In Notepad, choose File -> Save As. Select "All files (*.*)" as the file type and save it as fix.reg. The .reg extension is important. Once you have saved it somewhere, e.g. on the desktop, double-click its icon. You will be asked whether you want to merge the information into the registry; answer yes. Next, boot into Safe Mode and delete the following files: C:\WINDOWS\Gcq.exe C:\WINDOWS\Hvm.exe C:\WINDOWS\Cdv.exe C:\WINDOWS\Jgf.exe C:\WINDOWS\Urv.exe C:\WINDOWS\Jja.exe C:\WINDOWS\Gfk.exe C:\WINDOWS\Kvl.exe C:\WINDOWS\Fvk.exe C:\WINDOWS\System32\Bnb.exe C:\WINDOWS\System32\Djo.exe C:\WINDOWS\System32\Nvn.exe C:\WINDOWS\System32\Bep.exe C:\WINDOWS\System32\Dge.exe C:\WINDOWS\System32\Rur.exe C:\WINDOWS\Peb.exe C:\WINDOWS\System32\Gdi.exe C:\WINDOWS\Lnv.exe C:\WINDOWS\Vsd.exe C:\WINDOWS\System32\Ejn.exe C:\WINDOWS\Sqd.exe C:\WINDOWS\Gnk.exe C:\WINDOWS\System32\Vom.exe C:\WINDOWS\Jjg.exe C:\WINDOWS\Auv.exe C:\WINDOWS\System32\Arm.exe C:\WINDOWS\Ufe.exe C:\WINDOWS\System32\Aff.exe C:\WINDOWS\System32\Qcm.exe C:\Documents and Settings\Kari Luukkonen\Application Data\Microsoft\sr64 <- delete this folder C:\WINDOWS\System32\Rpf.exe C:\WINDOWS\Eqn.exe C:\WINDOWS\Etv.exe C:\WINDOWS\System32\Dch.exe C:\WINDOWS\System32\Hcb.exe C:\WINDOWS\Plg.exe Next, scan your computer with eScan according to the instructions and write the "nasties" it finds down in Notepad. Now restart your computer back into normal mode and post a new WinPFind log along with eScan's "nasties" results.
This morning I got the computer as far as the scanning step and left the eScan program there scanning, and when I went to check just now it had frozen up?! So nothing responds to anything... I'll try scanning again tomorrow. Oh, and it hadn't found anything by that point...