Vista processor running at full load, HJT
Junior Member
19 April 2008 @ 19:11
Edit: My father's [arthyr] new computer, an HP Pavilion dv9740, has become unusable.
The processor runs at 50-100% all the time even though no program is open.
Vista (which came with the computer) was installed 5 days ago.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:25, on 19.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9645 bytes

This message has been edited since it was posted. Last edited 20 April 2008 @ 13:25

Hujo
Suspended permanently
19 April 2008 @ 22:16
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


Can a computer ever work?
arthyr
Newbie
20 April 2008 @ 15:14
The computer seems to be working now; maybe the daughter managed it. Let's see whether the processor is still normal tomorrow and isn't constantly blowing at 55%.
Hujo
Suspended permanently
20 April 2008 @ 17:10
Run it on that computer.

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.


Can a computer ever work?
arthyr
Newbie
20 April 2008 @ 19:46
The problems came back and I downloaded ComboFix. Here is the result:
ComboFix 08-04-18.3 - Arto 2008-04-20 19:23:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1099 [GMT 3:00]
Running from: C:\Users\Arto\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\KBL.LOG

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-20 to 2008-04-20 )))))))))))))))))
.

2008-04-20 19:15 . 2008-04-17 07:40 <KANSIO> d-------- C:\327882R2FWJFW
2008-04-19 19:04 . 2008-04-19 19:04 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-19 16:03 . 2008-04-19 18:26 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Lavasoft
2008-04-18 14:37 . 2008-04-18 14:37 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Watchtower
2008-04-18 14:33 . 2008-04-18 14:33 <KANSIO> d-------- C:\Program Files\Watchtower
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\ScanSoft
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\Users\All Users\ScanSoft
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\Users\All Users\InstallShield
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\ProgramData\ScanSoft
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\ProgramData\InstallShield
2008-04-17 15:41 . 2008-04-17 15:41 <KANSIO> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-17 15:41 . 2008-04-17 15:41 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-17 15:40 . 2008-04-17 15:40 <KANSIO> d-------- C:\Program Files\ScanSoft
2008-04-16 16:15 . 2008-04-16 16:15 27,240 --a------ C:\Users\Arto\AppData\Roaming\nvModes.dat
2008-04-16 15:41 . 2008-04-16 15:47 <KANSIO> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-04-16 08:55 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\System32\msonpmon.dll
2008-04-16 08:54 . 2008-04-16 08:54 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-04-16 08:51 . 2008-04-16 09:45 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2008-04-16 08:51 . 2008-04-16 09:45 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2008-04-16 08:50 . 2008-04-16 08:50 <KANSIO> dr-h----- C:\MSOCache
2008-04-16 08:22 . 2008-04-16 08:24 <KANSIO> d-------- C:\Program Files\Windows Live
2008-04-16 08:22 . 2008-04-16 08:23 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-16 08:21 . 2008-04-16 08:21 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-04-16 08:21 . 2008-04-16 08:21 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-04-15 17:07 . 2008-04-15 17:07 558,080 --a------ C:\WINDOWS\System32\oleaut32.dll
2008-04-15 16:26 . 2008-04-15 16:26 <KANSIO> d-------- C:\Users\All Users\Google
2008-04-14 17:50 . 2008-04-14 17:54 <KANSIO> d-------- C:\Program Files\Eurowordgiga
2008-04-14 17:50 . 2008-04-14 17:50 339,968 --------- C:\WINDOWS\Setup1.exe
2008-04-14 17:50 . 2008-04-14 17:50 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-14 17:12 . 2008-04-16 15:29 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Canon
2008-04-14 17:10 . 2008-04-14 17:10 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\CD-LabelPrint
2008-04-14 17:05 . 2008-04-14 17:05 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Template
2008-04-14 17:05 . 2008-04-14 17:08 88 --a------ C:\Users\Arto\AppData\Roaming\wklnhst.dat
2008-04-14 17:02 . 2008-04-14 17:02 <KANSIO> d-------- C:\Users\All Users\CanonIJPLM
2008-04-14 17:02 . 2008-04-14 17:02 <KANSIO> d-------- C:\ProgramData\CanonIJPLM
2008-04-14 16:55 . 2008-04-14 16:55 <KANSIO> d-------- C:\Program Files\Common Files\CANON
2008-04-14 16:51 . 2008-04-14 16:51 <KANSIO> d--h----- C:\Users\All Users\CanonBJ
2008-04-14 16:51 . 2008-04-14 16:51 <KANSIO> d--h----- C:\ProgramData\CanonBJ
2008-04-14 16:50 . 2008-04-14 16:50 <KANSIO> d--h----- C:\WINDOWS\System32\CanonIJ Uninstaller Information
2008-04-14 16:48 . 2007-04-15 23:00 215,040 --a------ C:\WINDOWS\System32\CNMLM93.DLL
2008-04-14 16:47 . 2007-03-23 10:30 1,400,832 --a------ C:\WINDOWS\System32\CNC610C.DLL
2008-04-14 16:47 . 2007-04-13 08:45 200,704 --a------ C:\WINDOWS\System32\CNC610L.DLL
2008-04-14 16:47 . 2007-03-15 08:12 188,416 --a------ C:\WINDOWS\System32\CNC610O.DLL
2008-04-14 16:47 . 2007-03-23 10:29 98,304 --a------ C:\WINDOWS\System32\CNC610I.DLL
2008-04-14 16:46 . 2008-04-14 16:46 <KANSIO> d--h----- C:\Program Files\CanonBJ
2008-04-14 16:44 . 2008-04-14 17:02 <KANSIO> d-------- C:\Program Files\Canon
2008-04-14 16:40 . 2008-04-14 16:40 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-04-14 15:55 . 2008-04-14 15:55 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 14:00 . 2008-04-14 14:00 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-04-14 14:00 . 2008-04-14 14:00 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-04-14 14:00 . 2008-04-14 14:00 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-04-14 14:00 . 2008-04-14 14:00 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-04-14 13:58 . 2008-04-14 13:58 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-04-14 13:57 . 2008-04-14 13:57 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-04-14 13:57 . 2008-04-14 13:57 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2008-04-14 13:57 . 2008-04-14 13:57 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-04-14 13:57 . 2008-04-14 13:57 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-04-14 13:57 . 2008-04-14 13:57 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-04-14 13:57 . 2008-04-14 13:57 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-04-14 13:56 . 2008-04-14 13:56 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-04-14 13:56 . 2008-04-14 13:56 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-04-14 13:56 . 2008-04-14 13:56 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-04-14 13:56 . 2008-04-14 13:56 84,480 --a------ C:\WINDOWS\System32\INETRES.dll
2008-04-14 13:55 . 2008-04-14 13:55 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe
2008-04-14 13:54 . 2008-04-14 13:54 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2008-04-14 13:54 . 2008-04-14 13:54 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2008-04-14 13:54 . 2008-04-14 13:54 83,968 --a------ C:\WINDOWS\System32\dnsrslvr.dll
2008-04-14 13:54 . 2008-04-14 13:54 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2008-04-14 13:54 . 2008-04-14 13:54 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe
2008-04-14 13:53 . 2008-04-14 13:53 788,992 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-04-14 13:53 . 2008-04-14 13:53 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2008-04-14 13:51 . 2008-04-14 13:51 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-04-14 13:50 . 2008-04-14 13:50 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-04-14 11:42 . 2008-04-14 11:42 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-04-14 11:39 . 2008-04-14 11:39 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Symantec
2008-04-14 11:37 . 2008-04-14 11:37 <KANSIO> dr------- C:\Users\Arto\Searches
2008-04-14 11:37 . 2008-04-14 15:36 <KANSIO> dr------- C:\Users\Arto\Contacts
2008-04-14 11:37 . 2008-04-14 11:37 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\DigitalPersona
2008-04-14 11:36 . 2008-04-14 11:36 81 --a------ C:\WINDOWS\System32\LOG
2008-04-14 11:36 . 2008-04-14 11:36 44 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-04-14 11:35 . 2008-04-14 11:35 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Hewlett-Packard
2008-04-14 11:30 . 2008-04-16 08:54 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-04-14 11:27 . 2008-04-14 16:40 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-04-14 11:26 . 2008-04-14 11:26 <KANSIO> d-------- C:\WINDOWS\PCHEALTH
2008-04-14 11:25 . 2008-04-14 11:25 <KANSIO> d-------- C:\Program Files\Common Files\LightScribe
2008-04-14 11:23 . 2008-04-14 11:23 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Macrovision
2008-04-14 11:23 . 2008-04-14 11:23 0 -rahs---- C:\WINDOWS\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF80243Q2_E459053-DH1_4A_I30DA_SQuanta_V85.26_F.2C_T080324_WV3-0_L40B_M2047_J250_7AMD_8F82_91.90_#071223_N10DE0450;168C001C_(GZ969EA#UUW)_XMOBILE_CN10_Z.MRK
2008-04-14 11:22 . 2008-04-16 14:30 <KANSIO> dr------- C:\Users\Arto\Videos
2008-04-14 11:22 . 2008-04-14 11:37 <KANSIO> dr------- C:\Users\Arto\Saved Games
2008-04-14 11:22 . 2008-04-16 15:17 <KANSIO> dr------- C:\Users\Arto\Pictures
2008-04-14 11:22 . 2008-04-14 11:37 <KANSIO> dr------- C:\Users\Arto\Music
2008-04-14 11:22 . 2008-04-14 11:37 <KANSIO> dr------- C:\Users\Arto\Links
2008-04-14 11:22 . 2008-04-14 15:52 <KANSIO> dr------- C:\Users\Arto\Downloads
2008-04-14 11:22 . 2008-04-17 17:00 <KANSIO> dr------- C:\Users\Arto\Documents
2008-04-14 11:22 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Media Center Programs
2008-04-14 11:22 . 2008-04-14 11:22 <KANSIO> d--h----- C:\Users\Arto\AppData
2008-04-14 11:22 . 2008-04-16 08:24 <KANSIO> d-------- C:\Users\Arto
2008-04-14 11:22 . 2008-04-14 11:40 524,288 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 11:22 . 2008-04-14 11:40 524,288 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 11:22 . 2008-04-20 19:29 262,144 --ah----- C:\Users\Arto\ntuser.dat.LOG1
2008-04-14 11:22 . 2008-04-14 11:40 65,536 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-14 11:22 . 2008-04-14 11:22 0 --ah----- C:\Users\Arto\ntuser.dat.LOG2
2008-04-14 11:18 . 2008-04-14 11:18 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-04-14 11:18 . 2008-04-14 11:18 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-04-14 11:18 . 2008-04-14 11:18 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-04-14 11:18 . 2008-04-14 11:18 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-04-14 11:16 . 2008-04-14 11:16 549,720 --a------ C:\WINDOWS\System32\wuapi.dll
2008-04-14 11:16 . 2008-04-14 11:16 80,896 --a------ C:\WINDOWS\System32\wudriver.dll
2008-04-14 11:16 . 2008-04-14 11:16 33,624 --a------ C:\WINDOWS\System32\wups.dll
2008-04-14 11:15 . 2008-04-14 11:15 <KANSIO> dr------- C:\WINDOWS\System32\config\systemprofile\Contacts
2008-04-14 11:15 . 2008-04-14 11:15 163,000 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-04-14 11:15 . 2008-04-14 11:15 31,232 --a------ C:\WINDOWS\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:22 --------- d-----w C:\ProgramData\Symantec
2008-04-17 12:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 11:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-14 11:06 --------- d-----w C:\Program Files\Windows Mail
2008-04-14 11:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-14 11:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 10:59 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-14 10:59 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-14 10:59 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-14 10:59 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-14 10:59 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-14 10:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-14 10:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-14 10:59 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-14 10:59 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-14 10:59 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-14 10:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-14 10:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-14 10:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-14 10:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-14 10:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-14 10:52 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-14 10:52 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-14 10:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-14 10:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-14 10:39 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-14 10:39 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-14 10:39 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-14 10:39 --------- d-----w C:\Program Files\Symantec
2008-04-14 08:39 --------- d-----w C:\ProgramData\NVIDIA
2008-04-14 08:25 --------- d-----w C:\Program Files\HPQ
2008-04-14 08:25 --------- d-----w C:\Program Files\HP
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Templates
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Favorites
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Documents
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Desktop
2008-04-14 08:15 --------- d-sh--w C:\ProgramData\Application Data
2008-03-06 18:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 18:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 18:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2007-12-23 13:44 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-14 13:38 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-14 13:55 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 23:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 23:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 23:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 11:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 06:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-20 01:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-05 00:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 10:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 22:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-23 16:04 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 19:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 02:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 15:00 132496]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DCF507BC-F4FE-4A10-A155-BD56F59B76C6}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BA0BF932-6DCB-4630-977C-96C889ABA098}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E34059C3-F3A3-4392-8F01-B920F60F0D65}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{12A00520-2979-4A68-A14B-932E53DC70D1}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:FTP-tiedostonsiirto-ohjelma
"UDP Query User{B0525007-49FE-4DB9-A5AB-93FD935B93B2}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:FTP-tiedostonsiirto-ohjelma
"{505FD9CF-06C2-455D-83E6-B032C16D06F2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5DC9F40F-9EAD-4585-AE3D-2852CC063286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{38D452A6-073C-42EE-915A-61A05A550B74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080415.001\IDSvix86.sys [2008-03-20 23:37]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 10:20]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 06:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 06:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 17:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 02:40]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 21:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 10:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 19:29:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2008-04-20 19:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 16:33:16

Pre-Run: 191,800,832,000 tavua vapaana
Post-Run: 191,709,306,880 tavua vapaana

281 --- E O F --- 2008-04-18 10:50:15
arthyr
Newbie
20 April 2008 @ 20:59
Here is this second result. When this recurs again(?), should I then go through it again with one of the two programs? This one is easier. Do these interfere with the operation of Norton Antivirus?
Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 662

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 156412
Kulunut aika: 44 minute(s), 17 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Hujo
Suspended permanently
20 April 2008 @ 21:26
Is there still a problem?

Can a computer ever work?
arthyr
Newbie
21 April 2008 @ 09:05
Yes, now in the morning. Exactly the same thing: explorer.exe uses 45-49% of the CPU all the time. Then if I do anything on top of that, it easily rises to a hundred.
Hujo
Suspended permanently
21 April 2008 @ 16:55
Download CCleaner here
CCleaner v2.05.555 - Standard Build, DO NOT install the Yahoo toolbar!

Set the options like this:
Options --> Advanced --> Remove the tick from "Delete only temporary files older than 48 hours".

Run Cleaner > Analyze button > Run CCleaner button, bottom right corner
Run Issues > "Scan for registry issues" button > "Fix registry issues" button


arthyr
Newbie
21 April 2008 @ 18:38
I tried CCleaner according to the instructions. It did find things to remove, but the problem was not fixed. explorer.exe is grinding away at 48% and total CPU usage is 55%, that is, when I am not doing anything myself. HP support assumed there was some downloaded program that is not compatible with Vista. I don't know of any such program. I have removed some programs, the Euroword Giga dictionary, but that does not seem to help either. I did not manage to get the registry into this post.
Hujo
Suspended permanently
21 April 2008 @ 22:50
Download RegSeeker.zip to the desktop:

Extract the zip into the C:\RegSeeker\ folder. From there, start the RegSeeker.exe program.
In the top right corner there is a Languages.... link, from which you select Finnish.
In the bottom left corner, tick Create backup and then click the Clean the registry link.
Tick all the other items except "Unusable.." and then "OK" (wait a moment).
A list of invalid registry entries appears on the screen; from Select in the bottom bar,
click Select all, after which the selected entries get a yellow background.
From the Actions link in the bottom bar, click Delete selected items.
In the pop-up window "All selected items will be deleted?", answer "OK".
In the next pop-up window, "Backups", answer "OK".
Click Quit RegSeeker on the left and restart your computer.


arthyr
Newbie
22 April 2008 @ 14:59
This RegSeeker was no help either, even though it did find a lot to remove. I guess I will just have to reinstall Windows again.
arthyr
Newbie
24 April 2008 @ 14:55
I think I did something stupid now. I reinstalled Windows, but after 2 days the fault came back. I ran ComboFix again, but because the machine had slowed down I apparently did not wait long enough for the log to finish, and none was produced. Now pictures do not show in my files, neither wallpapers nor any other pictures. If you go to the Windows Photo Gallery they show up there, but not in my own files. What should I do now?
Junior Member
25 April 2008 @ 21:43
Hi.
To clarify: Dad reinstalled Windows on the machine.
I have now taken this machine home to find the cause of the fault.

Edit: more facts...
So CPU load is still about 50%, but the machine is not terribly slow.
Something running in the background?
And arthyr's picture problem was resolved after a reboot; the preview images show again in his own picture files. And I simply set the wallpaper again.


To start with, a new HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37, on 2008-04-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9238 bytes



Edit: Adding the ComboFix report as a continuation.

ComboFix 08-04-22.5 - Arto 2008-04-25 21:46:57.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1139 [GMT 3:00]
Running from: C:\Users\Arto\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\KBL.LOG

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-25 to 2008-04-25 )))))))))))))))))
.

2008-04-25 21:37 . 2008-04-25 21:37 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-24 22:18 . 2008-04-24 22:18 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\HP
2008-04-24 22:18 . 2008-04-24 22:18 <KANSIO> d-------- C:\Users\All Users\HP
2008-04-24 22:18 . 2008-04-24 22:18 <KANSIO> d-------- C:\ProgramData\HP
2008-04-24 12:52 . 2008-04-24 12:56 <KANSIO> d-------- C:\Program Files\Eurowordgiga
2008-04-24 12:51 . 2008-04-24 12:51 339,968 --------- C:\WINDOWS\Setup1.exe
2008-04-24 12:51 . 2008-04-24 12:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-24 12:40 . 2008-04-24 12:46 <KANSIO> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-04-24 11:32 . 2008-04-24 15:02 27,240 --a------ C:\Users\Arto\AppData\Roaming\nvModes.dat
2008-04-23 14:17 . 2008-04-23 15:40 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Canon
2008-04-23 14:16 . 2008-04-23 14:16 <KANSIO> d-------- C:\Users\All Users\InstallShield
2008-04-23 14:16 . 2008-04-23 14:16 <KANSIO> d-------- C:\ProgramData\InstallShield
2008-04-23 14:15 . 2008-04-24 12:13 <KANSIO> d-------- C:\Users\All Users\ScanSoft
2008-04-23 14:15 . 2008-04-24 12:13 <KANSIO> d-------- C:\ProgramData\ScanSoft
2008-04-23 14:15 . 2008-04-23 14:15 <KANSIO> d-------- C:\Program Files\ScanSoft
2008-04-23 14:09 . 2008-04-23 14:09 <KANSIO> d-------- C:\Users\All Users\CanonIJPLM
2008-04-23 14:09 . 2008-04-23 14:09 <KANSIO> d-------- C:\ProgramData\CanonIJPLM
2008-04-23 14:04 . 2008-04-23 14:04 <KANSIO> d-------- C:\Program Files\Common Files\CANON
2008-04-23 14:00 . 2008-04-23 14:00 <KANSIO> d--h----- C:\Users\All Users\CanonBJ
2008-04-23 14:00 . 2008-04-23 14:00 <KANSIO> d--h----- C:\ProgramData\CanonBJ
2008-04-23 13:59 . 2008-04-23 13:59 <KANSIO> d--h----- C:\WINDOWS\System32\CanonIJ Uninstaller Information
2008-04-23 13:57 . 2007-04-15 23:00 215,040 --a------ C:\WINDOWS\System32\CNMLM93.DLL
2008-04-23 13:56 . 2007-03-23 10:30 1,400,832 --a------ C:\WINDOWS\System32\CNC610C.DLL
2008-04-23 13:56 . 2007-04-13 08:45 200,704 --a------ C:\WINDOWS\System32\CNC610L.DLL
2008-04-23 13:56 . 2007-03-15 08:12 188,416 --a------ C:\WINDOWS\System32\CNC610O.DLL
2008-04-23 13:56 . 2007-03-23 10:29 98,304 --a------ C:\WINDOWS\System32\CNC610I.DLL
2008-04-23 13:55 . 2008-04-23 13:55 <KANSIO> d--h----- C:\Program Files\CanonBJ
2008-04-23 13:54 . 2008-04-23 14:09 <KANSIO> d-------- C:\Program Files\Canon
2008-04-23 09:20 . 2008-04-23 09:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-23 09:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\System32\msonpmon.dll
2008-04-23 09:06 . 2008-04-23 09:06 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-04-23 09:03 . 2008-04-23 09:39 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2008-04-23 09:03 . 2008-04-23 09:39 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2008-04-23 09:03 . 2008-04-23 09:03 <KANSIO> dr-h----- C:\MSOCache
2008-04-23 08:55 . 2008-04-23 08:55 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Watchtower
2008-04-23 08:51 . 2008-04-23 08:51 <KANSIO> d-------- C:\Program Files\Watchtower
2008-04-22 18:06 . 2008-04-22 18:06 <KANSIO> d-------- C:\Users\All Users\Google
2008-04-22 18:05 . 2008-04-22 18:06 <KANSIO> d-------- C:\Program Files\Google
2008-04-22 17:30 . 2008-04-22 17:30 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-04-22 17:30 . 2008-04-22 17:30 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-04-22 17:28 . 2008-04-22 17:28 8,147,968 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-04-22 17:28 . 2008-04-22 17:28 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-04-22 17:28 . 2008-04-22 17:28 356,864 --a------ C:\WINDOWS\System32\MediaMetadataHandler.dll
2008-04-22 17:28 . 2008-04-22 17:28 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-04-22 17:28 . 2008-04-22 17:28 7,680 --a------ C:\WINDOWS\System32\spwmp.dll
2008-04-22 17:28 . 2008-04-22 17:28 4,096 --a------ C:\WINDOWS\System32\msdxm.ocx
2008-04-22 17:28 . 2008-04-22 17:28 4,096 --a------ C:\WINDOWS\System32\dxmasf.dll
2008-04-22 17:26 . 2008-04-22 17:26 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2008-04-22 17:26 . 2008-04-22 17:26 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-04-22 17:26 . 2008-04-22 17:26 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-04-22 17:26 . 2008-04-22 17:26 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-04-22 17:26 . 2008-04-22 17:26 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-04-22 17:26 . 2008-04-22 17:26 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-04-22 17:23 . 2008-04-22 17:23 1,585,664 --a------ C:\WINDOWS\System32\setupapi.dll
2008-04-22 17:21 . 2008-04-22 17:21 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-04-22 17:20 . 2008-04-22 17:20 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-04-22 17:20 . 2008-04-22 17:20 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-04-22 17:20 . 2008-04-22 17:20 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-04-22 17:20 . 2008-04-22 17:20 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-04-22 17:20 . 2008-04-22 17:20 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-04-22 17:20 . 2008-04-22 17:20 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-04-22 17:19 . 2008-04-22 17:19 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-04-22 17:19 . 2008-04-22 17:19 84,480 --a------ C:\WINDOWS\System32\INETRES.dll
2008-04-22 17:19 . 2008-04-22 17:19 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe
2008-04-22 17:17 . 2008-04-22 17:17 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2008-04-22 17:17 . 2008-04-22 17:17 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2008-04-22 17:17 . 2008-04-22 17:17 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2008-04-22 17:17 . 2008-04-22 17:17 83,968 --a------ C:\WINDOWS\System32\dnsrslvr.dll
2008-04-22 17:17 . 2008-04-22 17:17 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2008-04-22 17:17 . 2008-04-22 17:17 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe
2008-04-22 17:16 . 2008-04-22 17:16 788,992 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-04-22 17:14 . 2008-04-22 17:14 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-04-22 17:12 . 2008-04-22 17:12 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-04-22 17:11 . 2008-04-22 17:11 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-04-22 17:02 . 2008-04-22 17:02 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Symantec
2008-04-22 17:00 . 2008-04-22 17:00 <KANSIO> dr------- C:\Users\Arto\Searches
2008-04-22 17:00 . 2008-04-22 17:00 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\DigitalPersona
2008-04-22 16:59 . 2008-04-24 21:23 <KANSIO> dr------- C:\Users\Arto\Contacts
2008-04-22 16:59 . 2008-04-22 16:59 81 --a------ C:\WINDOWS\System32\LOG
2008-04-22 16:59 . 2008-04-22 16:59 44 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-04-22 16:55 . 2008-04-22 16:55 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Hewlett-Packard
2008-04-22 16:51 . 2008-04-23 09:06 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-04-22 16:49 . 2008-04-22 16:50 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-04-22 16:48 . 2008-04-22 16:49 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-04-22 16:47 . 2008-04-22 16:47 <KANSIO> d-------- C:\WINDOWS\PCHEALTH
2008-04-22 16:47 . 2008-04-22 16:47 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-04-22 16:46 . 2008-04-22 16:47 <KANSIO> d-------- C:\Program Files\Common Files\LightScribe
2008-04-22 16:45 . 2008-04-22 16:45 0 -rahs---- C:\WINDOWS\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF80243Q2_E459053-DH1_4A_I30DA_SQuanta_V85.26_F.2C_T080324_WV3-0_L40B_M2047_J250_7AMD_8F82_91.90_#071223_N10DE0450;168C001C_(GZ969EA#UUW)_XMOBILE_CN10_Z.MRK
2008-04-22 16:44 . 2008-04-22 16:44 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Macrovision
2008-04-22 16:43 . 2008-04-23 15:10 <KANSIO> dr------- C:\Users\Arto\Videos
2008-04-22 16:43 . 2008-04-22 17:00 <KANSIO> dr------- C:\Users\Arto\Saved Games
2008-04-22 16:43 . 2008-04-23 15:34 <KANSIO> dr------- C:\Users\Arto\Pictures
2008-04-22 16:43 . 2008-04-22 17:00 <KANSIO> dr------- C:\Users\Arto\Music
2008-04-22 16:43 . 2008-04-22 17:00 <KANSIO> dr------- C:\Users\Arto\Links
2008-04-22 16:43 . 2008-04-22 18:02 <KANSIO> dr------- C:\Users\Arto\Downloads
2008-04-22 16:43 . 2008-04-24 21:38 <KANSIO> dr------- C:\Users\Arto\Documents
2008-04-22 16:43 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Arto\AppData\Roaming\Media Center Programs
2008-04-22 16:43 . 2008-04-22 16:43 <KANSIO> d--h----- C:\Users\Arto\AppData
2008-04-22 16:43 . 2008-04-23 13:59 <KANSIO> d-------- C:\Users\Arto
2008-04-22 16:43 . 2008-04-22 17:39 524,288 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-22 16:43 . 2008-04-22 17:39 524,288 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-22 16:43 . 2008-04-25 21:49 262,144 --ah----- C:\Users\Arto\ntuser.dat.LOG1
2008-04-22 16:43 . 2008-04-22 17:39 65,536 --ahs---- C:\Users\Arto\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-22 16:43 . 2008-04-22 16:43 0 --ah----- C:\Users\Arto\ntuser.dat.LOG2
2008-04-22 16:38 . 2008-04-22 16:38 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-04-22 16:38 . 2008-04-22 16:38 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-04-22 16:38 . 2008-04-22 16:38 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-04-22 16:38 . 2008-04-22 16:38 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-04-22 16:37 . 2008-04-22 16:37 549,720 --a------ C:\WINDOWS\System32\wuapi.dll
2008-04-22 16:37 . 2008-04-22 16:37 80,896 --a------ C:\WINDOWS\System32\wudriver.dll
2008-04-22 16:37 . 2008-04-22 16:37 33,624 --a------ C:\WINDOWS\System32\wups.dll
2008-04-22 16:36 . 2008-04-22 16:36 <KANSIO> dr------- C:\WINDOWS\System32\config\systemprofile\Contacts
2008-04-22 16:36 . 2008-04-22 16:36 163,000 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-04-22 16:36 . 2008-04-22 16:36 31,232 --a------ C:\WINDOWS\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 18:42 --------- d-----w C:\ProgramData\Symantec
2008-04-23 11:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-22 14:40 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-22 14:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 14:39 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-22 14:39 --------- d-----w C:\Program Files\Windows Mail
2008-04-22 14:27 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-22 14:25 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-22 14:25 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-22 14:25 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-22 14:25 --------- d-----w C:\Program Files\Symantec
2008-04-22 14:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-22 14:20 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-22 14:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-22 14:20 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-22 14:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-22 14:15 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-22 14:15 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-22 14:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-22 14:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-22 14:01 --------- d-----w C:\ProgramData\NVIDIA
2008-04-22 13:47 --------- d-----w C:\Program Files\HPQ
2008-04-22 13:46 --------- d-----w C:\Program Files\HP
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Templates
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Favorites
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Documents
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Desktop
2008-04-22 13:36 --------- d-sh--w C:\ProgramData\Application Data
2008-03-06 18:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 18:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 18:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2007-12-23 13:44 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_14.09.59.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 11:06:30 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-25 18:27:29 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-24 11:18:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-24 11:18:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-24 10:59:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 18:27:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-24 11:07:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-24 13:56:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-24 13:56:23 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-24 11:00:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-25 18:47:00 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-24 11:07:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-24 18:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-24 18:34:41 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-24 09:35:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-25 18:42:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-24 09:35:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-25 18:42:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-24 09:35:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-25 18:42:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-24 19:08:01 2,456 ----a-w C:\Windows\System32\networklist\icons\{1F53BF58-86F7-41F9-9640-C7945736AFB0}_24.bin
+ 2008-04-24 19:08:01 4,280 ----a-w C:\Windows\System32\networklist\icons\{1F53BF58-86F7-41F9-9640-C7945736AFB0}_32.bin
+ 2008-04-24 19:08:01 9,560 ----a-w C:\Windows\System32\networklist\icons\{1F53BF58-86F7-41F9-9640-C7945736AFB0}_48.bin
- 2008-04-23 12:47:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-24 14:00:31 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-23 12:47:33 83,896 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-04-24 14:00:31 83,896 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-04-23 12:47:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-24 14:00:31 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-23 12:47:33 459,542 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-04-24 14:00:31 459,542 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-04-24 10:46:21 3,814 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2500855807-140450306-3488081192-1000_UserData.bin
+ 2008-04-24 11:20:29 4,460 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2500855807-140450306-3488081192-1000_UserData.bin
- 2008-04-24 10:46:21 57,494 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-24 11:20:29 58,342 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-24 10:46:17 33,320 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-24 11:20:25 33,680 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-25 13:23:51 99,416 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-22 17:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-22 17:19 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-22 18:06 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 23:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 23:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 23:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 11:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 06:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-20 01:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-05 00:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 10:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 22:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-23 16:04 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 19:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 02:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 15:00 132496]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 19:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 19:50 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DCF507BC-F4FE-4A10-A155-BD56F59B76C6}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BA0BF932-6DCB-4630-977C-96C889ABA098}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E34059C3-F3A3-4392-8F01-B920F60F0D65}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5A97A8A4-6CC0-4213-A1D0-A70644B65BE3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{149A90DE-28C9-4464-8228-95ECF3FED449}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D4F1C685-688E-49A3-B3D4-8242EADC064F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080423.001\IDSvix86.sys [2008-03-20 23:37]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 10:20]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 06:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 06:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 17:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 02:40]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 21:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 10:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-22 14:41:18 C:\Windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Arto.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 21:49:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Arto\AppData\Local\Temp\~DF282C.tmp 32768 bytes
C:\Users\Arto\AppData\Local\Temp\~DF2FD8.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-04-25 21:50:04
ComboFix-quarantined-files.txt 2008-04-25 18:49:59

Pre-Run: 201,845,776,384 tavua vapaana
Post-Run: 201,841,848,320 tavua vapaana

313 --- E O F --- 2008-04-23 11:23:52


AMD Athlon XP-A, 1853 MHz 2500+ | 1280mb ddr | NVIDIA GeForce 6600 GT (128 MB) | Nokia 446Xpro (4xUSB-Hub) [19" CRT] | SONY CD-RW(12x/8x/32x) & TSSTcorp CD/DVDW SH-S182M

This message has been edited since posting. Last edit 25 April 2008 @ 22:18

Hujo
Suspended permanently
26 April 2008 @ 12:36
Scan your computer with Kaspersky Online Scanner

When the program starts, you are asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available, otherwise choose Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK.
- Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone).
- The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your post.


Can a computer ever work?
Junior Member
27 April 2008 @ 13:03
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 2:21:00 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726288
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 114797
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:02

Infected Object Name / Virus Name / Last Action

Scan process completed.
Hujo
Suspended permanently
_
27 April 2008 @ 16:10
Scan a new HJT log.

Can a computer ever work?
Junior Member
_
28 April 2008 @ 09:12
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37, on 2008-04-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9238 bytes
Hujo
Suspended permanently
_
28 April 2008 @ 09:18
Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
Post the contents of the Notepad window (rapport) that pops up to your thread.
It can also be found at C:\rapport.txt

Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "harmful tool"; it is not a virus, but a program that stops processes.
A/V programs cannot tell good use of such programs from bad use,
so they may warn the user.


============

Download VundoFix.exe from HERE to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will notify you that it will restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.


Can a computer ever work?
arthyr
Newbie
_
29 April 2008 @ 13:07
The SmitfraudFix log only contains the text "käyttö estetty" ("access denied").
VundoFix did not find any infected files.
Here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37, on 2008-04-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9238 bytes
Hujo
Suspended permanently
_
29 April 2008 @ 13:26
Download Deckard's System Scanner
to your desktop.

Note: You must have administrator rights to run the program.

- Close all open windows and programs.
- Double-click the Dss.exe file to run the program and follow the instructions.
- When the scan is complete, 2 text files should open: Main.txt and extra.txt.
- Use the keyboard to copy (CTRL+A -> CTRL+C) and paste (CTRL+V).
- Copy and paste the contents of main.txt and extra.txt into your next reply.

Can a computer ever work?
arthyr
Newbie
_
30 April 2008 @ 14:00
Here are the results:

Deckard's System Scanner v20071014.68
Run by Arto on 2008-04-30 13:37:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
22: 2008-04-28 12:09:41 UTC - RP27 - Laitteen ohjainkokonaisuuden asentaminen: Canon Kuvankäsittelylaitteet
21: 2008-04-28 12:08:23 UTC - RP26 - Laitteen ohjainkokonaisuuden asentaminen: Canon Tulostimet
20: 2008-04-27 09:35:40 UTC - RP25 - Installed EasyCleaner
19: 2008-04-26 09:48:49 UTC - RP23 - Removed Java(TM) 6 Update 2
18: 2008-04-26 09:32:44 UTC - RP22 - Laitteen ohjainkokonaisuuden asentaminen: TeleWell USB-väyläohjaimet


-- First Restore Point --
1: 2008-04-22 13:45:14 UTC - RP4 - First_User_Boot


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Arto.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:13, on 30.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Arto\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arto.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8755 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DpHost (Biometric Authentication Service) - c:\program files\digitalpersona\bin\dphostw.exe <Not Verified; DigitalPersona, Inc.; DigitalPersona Pro for Active Directory>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 20:44:42 566 --a------ C:\Windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Arto.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-28 17:41:03 0 d-------- C:\VundoFix Backups
2008-04-28 15:12:12 0 d--h----- C:\Users\All Users\CanonBJ
2008-04-28 15:10:36 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information
2008-04-28 15:07:14 0 d--h----- C:\Program Files\CanonBJ
2008-04-27 12:36:24 0 d-------- C:\Program Files\ToniArts
2008-04-27 12:34:47 0 d-------- C:\Program Files\CCleaner
2008-04-26 13:43:11 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-26 12:33:26 0 d-------- C:\Program Files\TeleWell
2008-04-26 12:32:36 22048 --a------ C:\Windows\system32\cocpyinf.dll <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-04-25 21:37:30 0 d-------- C:\Program Files\Trend Micro
2008-04-24 22:18:18 0 d-------- C:\Users\All Users\HP
2008-04-24 14:00:11 68096 --a------ C:\Windows\zip.exe
2008-04-24 14:00:11 49152 --a------ C:\Windows\VFind.exe
2008-04-24 14:00:11 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-24 14:00:11 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-24 14:00:11 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-24 14:00:11 98816 --a------ C:\Windows\sed.exe
2008-04-24 14:00:11 80412 --a------ C:\Windows\grep.exe
2008-04-24 14:00:11 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-24 12:52:11 0 d-------- C:\Program Files\Eurowordgiga
2008-04-24 12:51:53 339968 -----n--- C:\Windows\Setup1.exe <Not Verified; Matti Aladin; Visual Basic 6.0 Asennus Suomi>
2008-04-24 12:51:50 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-24 12:40:13 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-04-23 14:16:07 0 d-------- C:\Users\All Users\InstallShield
2008-04-23 14:15:44 0 d-------- C:\Users\All Users\ScanSoft
2008-04-23 14:15:07 0 d-------- C:\Program Files\ScanSoft
2008-04-23 14:09:51 0 d-------- C:\Users\All Users\CanonIJPLM
2008-04-23 14:04:46 0 d-------- C:\Program Files\Common Files\CANON
2008-04-23 13:54:52 0 d-------- C:\Program Files\Canon
2008-04-23 09:20:51 0 --a------ C:\Windows\nsreg.dat
2008-04-23 09:06:21 0 d-------- C:\Program Files\Microsoft.NET
2008-04-23 09:03:36 0 d-------- C:\Users\All Users\Microsoft Help
2008-04-23 09:03:04 0 dr-h----- C:\MSOCache
2008-04-23 08:51:38 0 d-------- C:\Program Files\Watchtower
2008-04-22 18:06:30 0 d-------- C:\Users\All Users\Google
2008-04-22 18:05:01 0 d-------- C:\Program Files\Google
2008-04-22 17:14:35 0 d-------- C:\Program Files\MSXML 4.0
2008-04-22 17:00:11 0 dr------- C:\Users\Arto\Searches
2008-04-22 16:59:52 0 dr------- C:\Users\Arto\Contacts
2008-04-22 16:59:37 81 --a------ C:\Windows\system32\LOG
2008-04-22 16:59:30 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-04-22 16:51:10 0 d-------- C:\Program Files\Microsoft Works
2008-04-22 16:49:07 0 d-------- C:\Users\All Users\Adobe
2008-04-22 16:48:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 16:47:28 0 d-------- C:\Windows\PCHEALTH
2008-04-22 16:47:28 0 d-------- C:\Program Files\MSN Messenger
2008-04-22 16:46:58 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Verkkoympäristö
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Tulostinympäristö
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\SendTo
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Recent
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Omat tiedostot
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Mallit
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Local Settings
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Käynnistä-valikko
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Cookies
2008-04-22 16:43:46 0 d--hs---- C:\Users\Arto\Application Data
2008-04-22 16:43:45 0 dr------- C:\Users\Arto\Documents
2008-04-22 16:43:45 0 dr------- C:\Users\Arto\Desktop
2008-04-22 16:43:45 0 d--h----- C:\Users\Arto\AppData
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Videos
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Saved Games
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Pictures
2008-04-22 16:43:44 1572864 --ahs---- C:\Users\Arto\NTUSER.DAT
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Music
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Links
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Favorites
2008-04-22 16:43:44 0 dr------- C:\Users\Arto\Downloads
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Templates
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Start Menu
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\SendTo
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Recent
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\PrintHood
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\NetHood
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\My Documents
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Local Settings
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Cookies
2008-04-22 16:36:26 0 d--hs---- C:\Users\Default\Application Data
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Templates
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Start Menu
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Favorites
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Documents
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Desktop
2008-04-22 16:36:26 0 d--hs---- C:\Users\All Users\Application Data
2008-04-22 16:36:26 0 d--hs---- C:\Documents and Settings
2008-04-22 16:35:49 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-04-30 09:44:05 27240 --a------ C:\Users\Arto\AppData\Roaming\nvModes.001
2008-04-29 09:48:36 459542 --a------ C:\Windows\system32\perfh00B.dat
2008-04-29 09:48:36 83896 --a------ C:\Windows\system32\perfc00B.dat
2008-04-28 16:04:42 0 d-------- C:\Users\Arto\AppData\Roaming\Canon
2008-04-28 12:45:01 0 d-------- C:\Users\Arto\AppData\Roaming\Adobe
2008-04-27 12:36:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 12:49:34 0 d-------- C:\Program Files\Common Files
2008-04-24 22:18:18 0 d-------- C:\Users\Arto\AppData\Roaming\HP
2008-04-24 15:02:25 27240 --a------ C:\Users\Arto\AppData\Roaming\nvModes.dat
2008-04-23 14:15:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-23 09:20:49 0 d-------- C:\Users\Arto\AppData\Roaming\Mozilla
2008-04-23 09:15:23 0 d-------- C:\Users\Arto\AppData\Roaming\Google
2008-04-23 08:55:43 0 d-------- C:\Users\Arto\AppData\Roaming\Watchtower
2008-04-22 17:40:49 0 d-------- C:\Program Files\Norton Internet Security
2008-04-22 17:40:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 17:39:08 0 d-------- C:\Program Files\Windows Mail
2008-04-22 17:39:04 0 d-------- C:\Program Files\Windows Sidebar
2008-04-22 17:25:03 0 d-------- C:\Program Files\Symantec
2008-04-22 17:02:09 0 d-------- C:\Users\Arto\AppData\Roaming\Symantec
2008-04-22 17:00:23 0 d-------- C:\Users\Arto\AppData\Roaming\DigitalPersona
2008-04-22 16:59:57 0 d-------- C:\Users\Arto\AppData\Roaming\Identities
2008-04-22 16:56:07 0 d-------- C:\Users\Arto\AppData\Roaming\Macromedia
2008-04-22 16:55:28 0 d-------- C:\Users\Arto\AppData\Roaming\Hewlett-Packard
2008-04-22 16:55:24 0 dr------- C:\Program Files\Online Services
2008-04-22 16:47:09 0 d-------- C:\Program Files\HPQ
2008-04-22 16:46:35 0 d-------- C:\Program Files\HP
2008-04-22 16:44:51 0 d-------- C:\Users\Arto\AppData\Roaming\Macrovision


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25.08.2007 04:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
22.04.2008 17:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [19.09.2007 23:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19.09.2007 23:05]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19.09.2007 23:05]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15.09.2007 11:29]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [01.10.2007 06:34]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [20.09.2007 01:31]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [05.09.2007 00:54]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17.08.2007 10:13]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [20.09.2007 22:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [23.12.2007 16:04]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14.02.2008 11:01]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13.09.2007 19:47]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [09.01.2007 02:53]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16.02.2005 23:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [22.04.2008 17:19]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [23.08.2007 17:36]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [22.04.2008 18:06]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 15:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-30 13:41:07 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista? Home Premium (build 6000)
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-58
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 2046.38 MiB / 1077.7 MiB
Pagefile Memory (total/avail): 4312.34 MiB / 3205.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.3 MiB

C: is Fixed (NTFS) - 223.1 GiB total, 182.15 GiB free.
D: is Fixed (NTFS) - 9.78 GiB total, 2.89 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500BEVS-60UST0 ATA Device - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 223.1 GiB - C:
\PARTITION1 - Installable File System - 9.78 GiB - D:

\\.\PHYSICALDRIVE1 - Canon MP610 series USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Arto\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KURU2
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Arto
LOCALAPPDATA=C:\Users\Arto\AppData\Local
LOGONSERVER=\\KURU2
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\CyberLink\Power2Go
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Arto\AppData\Local\Temp
TMP=C:\Users\Arto\AppData\Local\Temp
USERDOMAIN=Kuru2
USERNAME=Arto
USERPART=E:
USERPROFILE=C:\Users\Arto
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Arto


-- Add/Remove Programs ---------------------------------------------------------

--> "c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
2007 Office Systemin yhteensopivuuspaketti --> MsiExec.exe /X{90120000-0020-040B-0000-0000000FF1CE}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Adobe Shockwave Player --> MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000b
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
CyberLink YouCam --> "C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DigitalPersona Personal 3.0.0 --> MsiExec.exe /I{C7AF7F33-9092-997E-2D29-DE8095863FE3}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ESU for Microsoft Vista --> MsiExec.exe /I{68471BF2-F1F7-4C89-BBBA-400B94996596}
Euroword Giga --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Eurowordgiga\ST6UNST.LOG"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) --> C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4 --> MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0088 --> MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant --> MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Finnish) --> MsiExec.exe /X{95120000-00AF-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Power2Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4 --> "C:\Program Files\HP\QuickPlay\unins000.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Watchtower Library 2007 - Suomi --> C:\Program Files\Watchtower\Watchtower Library 2007\FI\uninst.exe
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1796 / Success
Event Submitted/Written: 04/30/2008 01:32:41 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1795 / Error
Event Submitted/Written: 04/30/2008 01:31:43 PM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={35FF2B3A-3A69-4205-9187-0C70EDDD95EC}: Käyttäjä Kuru2\Arto valitsi yhteyden Laajakaistayhteys numeron, mutta yhteyden muodostus epäonnistui. Palautettu virhekoodi: 0.

Event Record #/Type1792 / Error
Event Submitted/Written: 04/30/2008 01:31:33 PM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={78993D9F-F7B5-4729-A950-0D9B8407811E}: Käyttäjä Kuru2\Arto valitsi yhteyden Laajakaistayhteys numeron, mutta yhteyden muodostus epäonnistui. Palautettu virhekoodi: 0.

Event Record #/Type1789 / Error
Event Submitted/Written: 04/30/2008 01:31:24 PM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={379675A6-3E11-4B67-B138-F694D09A03D9}: Käyttäjä Kuru2\Arto valitsi yhteyden Laajakaistayhteys numeron, mutta yhteyden muodostus epäonnistui. Palautettu virhekoodi: 0.

Event Record #/Type1783 / Error
Event Submitted/Written: 04/30/2008 00:50:08 PM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={B771B497-E7AC-46BB-856E-4E6BAEB5F04B}: Käyttäjä Kuru2\Arto valitsi yhteyden Laajakaistayhteys numeron, mutta yhteyden muodostus epäonnistui. Palautettu virhekoodi: 815.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13384 / Warning
Event Submitted/Written: 04/30/2008 01:40:23 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kuru227 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Kuru227 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Kuru2275

Tarkistustunnus: {8129B852-E673-4C7B-A36B-7A3C26692521}

Käyttäjä: Kuru2\Arto

Nimi: %Kuru2271

Tunnus: %Kuru2272

Vakavuustunnus: %Kuru2273

Luokan tunnus: %Kuru2274

Löytynyt polku: %Kuru2276

Hälytystyyppi: %Kuru2278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type13383 / Warning
Event Submitted/Written: 04/30/2008 01:40:23 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kuru227 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Kuru227 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Kuru2275

Tarkistustunnus: {BF1A7798-6121-4FA5-9CE4-9B4D3A63F671}

Käyttäjä: Kuru2\Arto

Nimi: %Kuru2271

Tunnus: %Kuru2272

Vakavuustunnus: %Kuru2273

Luokan tunnus: %Kuru2274

Löytynyt polku: %Kuru2276

Hälytystyyppi: %Kuru2278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type13382 / Warning
Event Submitted/Written: 04/30/2008 01:40:23 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kuru227 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Kuru227 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Kuru2275

Tarkistustunnus: {849B54A7-5409-4108-94FF-FE2080275633}

Käyttäjä: Kuru2\Arto

Nimi: %Kuru2271

Tunnus: %Kuru2272

Vakavuustunnus: %Kuru2273

Luokan tunnus: %Kuru2274

Löytynyt polku: %Kuru2276

Hälytystyyppi: %Kuru2278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type13381 / Warning
Event Submitted/Written: 04/30/2008 01:40:23 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kuru227 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Kuru227 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Kuru2275

Tarkistustunnus: {E4DC183F-0C58-42C2-8AC5-5E3945C13A14}

Käyttäjä: Kuru2\Arto

Nimi: %Kuru2271

Tunnus: %Kuru2272

Vakavuustunnus: %Kuru2273

Luokan tunnus: %Kuru2274

Löytynyt polku: %Kuru2276

Hälytystyyppi: %Kuru2278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type13358 / Warning
Event Submitted/Written: 04/30/2008 00:47:54 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Verkon DHCP-palvelin ei voinut uusia IP-osoitetta tietokoneen verkkokortille, jonka verkko-osoite on 001E68053FBA. Virhe:
%%1223. Tietokone jatkaa osoitteen pyytämistä verkon DHCP-palvelimelta.



-- End of Deckard's System Scanner: finished at 2008-04-30 13:41:07 ------------
Hujo
Suspended permanently
_
30 April 2008 @ 15:10
Memory is under fairly heavy use there.

Start > Run, type msconfig > OK
Startup tab

Untick the boxes in front of the following:

nvsvc
jusched
HPWuSchd2
Reader_sl
SSBkgdupdate
NvMcTray


Apply and OK
Restart the computer, tick the small box, and only then press OK


Can a computer ever work?
arthyr
Newbie
_
30 April 2008 @ 15:43
Was something left out of your good advice?
There is nothing like that on the Startup tab.
It only says
"Microsoft Windows Vista (C:\Windows): Current operating system; Default operating system"
They were not in the advanced options either.
Under Services > it was possible to untick boxes, but not the ones mentioned in the instructions???
Hujo
Suspended permanently
30 April 2008 @ 18:25
Hmmmm.

Download OTMoveIt and save it to your desktop.

Double-click OTMoveIt.exe.
Click CleanUp!.
Select Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is finished; if it does not, delete it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.


Can a computer ever work?

This message has been edited since posting. Last edited 30 April 2008 @ 18:32

 