Help!! I can't get it removed no matter what

Thread in the Viruses and malware - HijackThis logs section. Thread started by silokki on 09.01.2009.

  1. silokki

    silokki Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:33:27, on 10.1.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9697 bytes
     
  3. Hujo

    Hujo Guest

    Scan with HJT, tick these and press Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     
  4. silokki

    silokki Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:53:52, on 10.1.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9049 bytes
     
  5. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    8. Post the contents of the log in your next message.
     
  6. silokki

    silokki Guest

    Malwarebytes' Anti-Malware 1.32
    Tietokantaversio: 1640
    Windows 6.0.6001 Service Pack 1

    11.1.2009 10:34:35
    mbam-log-2009-01-11 (10-34-35).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|L:\|)
    Tarkistetut kohteet: 198455
    Kulunut aika: 1 hour(s), 11 minute(s), 52 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
     
  7. Hujo

    Hujo Guest

    Looks clean. How is the computer running?
     
  8. silokki

    silokki Guest

    Yes, the computer is running normally!!! Many thanks to you!!! Could you perhaps help with another problem...? I have to do a system restore every time I shut down my computer for longer than about 5 min. A bluescreen comes up and then the computer restarts and asks to do a restore?
     
  9. Hujo

    Hujo Guest

    So which computer does that?
     
  10. silokki

    silokki Guest

    This same computer.
     
  11. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of the links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  12. silokki

    silokki Guest

    ComboFix 09-01-11.02 - Zulu 2009-01-12 14:32:55.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3070.1800 [GMT 2:00]
    Sijainti: c:\users\Zulu\Downloads\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Mahdollisesti saastuneet sivut -----

    hxxp://voicebunch.com
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-12 to 2009-01-12 )))))))))))))))))
    .

    2009-01-11 03:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-11 03:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-10 13:01 . 2009-01-10 13:02 <KANSIO> d-------- c:\users\Zulu\.SunDownloadManager
    2009-01-10 12:27 . 2009-01-10 12:27 <KANSIO> d-------- c:\users\All Users\NortonInstaller
    2009-01-10 12:27 . 2009-01-10 12:27 <KANSIO> d-------- c:\programdata\NortonInstaller
    2009-01-10 10:26 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Malwarebytes
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-01-09 23:32 . 2009-01-11 03:30 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-09 19:41 . 2009-01-09 19:41 <KANSIO> d-------- c:\program files\Trend Micro
    2009-01-09 18:54 . 2009-01-09 18:54 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\PC Tools
    2009-01-09 18:54 . 2009-01-10 00:52 <KANSIO> d-------- c:\program files\Spyware Doctor
    2009-01-08 23:49 . 2009-01-08 23:49 <KANSIO> d-------- c:\program files\Panda Security
    2008-12-30 19:30 . 2009-01-05 17:57 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Canon
    2008-12-24 16:54 . 2008-12-24 16:54 <KANSIO> d-------- c:\users\All Users\CanonIJPLM
    2008-12-24 16:54 . 2008-12-24 16:54 <KANSIO> d-------- c:\programdata\CanonIJPLM
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\All Users\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\All Users\InstallShield
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\programdata\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\programdata\InstallShield
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\program files\Common Files\ScanSoft Shared
    2008-12-24 16:52 . 2008-12-24 16:52 412 --a------ c:\windows\MAXLINK.INI
    2008-12-24 16:51 . 2008-12-24 16:51 <KANSIO> d-------- c:\program files\ScanSoft
    2008-12-24 16:50 . 2008-12-24 16:50 <KANSIO> d-------- c:\program files\Common Files\CANON
    2008-12-24 16:48 . 2008-12-24 16:48 <KANSIO> d--h----- c:\users\All Users\CanonBJ
    2008-12-24 16:48 . 2008-12-24 16:48 <KANSIO> d--h----- c:\programdata\CanonBJ
    2008-12-24 16:47 . 2008-12-24 16:47 <KANSIO> d--h----- c:\windows\System32\CanonIJ Uninstaller Information
    2008-12-24 16:46 . 2007-03-23 09:30 1,400,832 --a------ c:\windows\System32\CNC210C.DLL
    2008-12-24 16:46 . 2007-03-18 22:00 215,040 --a------ c:\windows\System32\CNMLM8S.DLL
    2008-12-24 16:46 . 2007-03-19 03:16 200,704 --a------ c:\windows\System32\CNC210L.DLL
    2008-12-24 16:46 . 2007-03-15 07:12 188,416 --a------ c:\windows\System32\CNC210O.DLL
    2008-12-24 16:46 . 2007-03-23 09:29 98,304 --a------ c:\windows\System32\CNC210I.DLL
    2008-12-24 16:45 . 2008-12-24 16:45 <KANSIO> d--h----- c:\program files\CanonBJ
    2008-12-24 16:45 . 2008-12-24 16:54 <KANSIO> d-------- c:\program files\Canon
    2008-12-22 22:41 . 2008-12-23 00:12 <KANSIO> d-------- c:\users\All Users\LightScribe
    2008-12-22 22:41 . 2008-12-23 00:12 <KANSIO> d-------- c:\programdata\LightScribe
    2008-12-22 22:38 . 2008-12-22 22:49 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Nero
    2008-12-22 21:38 . 2008-12-22 21:38 4,767 --a------ c:\windows\Irremote.ini
    2008-12-22 21:21 . 2008-12-22 21:36 <KANSIO> d-------- c:\program files\Nero
    2008-12-22 21:20 . 2008-12-22 21:29 <KANSIO> d-------- c:\users\All Users\Nero
    2008-12-22 21:20 . 2008-12-22 21:29 <KANSIO> d-------- c:\programdata\Nero
    2008-12-22 21:20 . 2008-12-22 21:52 <KANSIO> d-------- c:\program files\Common Files\Nero
    2008-12-18 22:40 . 2009-01-11 20:26 <KANSIO> d-------- c:\program files\PAFPoker
    2008-12-18 19:51 . 2008-12-18 19:54 <KANSIO> d-------- c:\program files\PAF Diamond Poker
    2008-12-15 21:32 . 2009-01-01 11:43 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\dvdcss
    2008-12-13 16:18 . 2009-01-05 12:17 <KANSIO> d-------- c:\program files\SEGA
    2008-12-13 14:06 . 2008-12-13 14:06 <KANSIO> d-------- c:\users\All Users\RTL Winter Sports 2008
    2008-12-13 14:06 . 2008-12-13 14:06 <KANSIO> d-------- c:\programdata\RTL Winter Sports 2008
    2008-12-13 13:47 . 2008-12-13 14:05 <KANSIO> d-------- c:\program files\RTL Winter Sports 2008
    2008-12-12 18:39 . 2008-12-12 18:39 278,728 --a------ c:\windows\System32\drivers\atksgt.sys
    2008-12-12 18:39 . 2008-12-12 18:39 25,416 --a------ c:\windows\System32\drivers\lirsgt.sys
    2008-12-12 17:30 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-12 09:54 . 2008-12-12 09:55 <KANSIO> d-------- c:\users\All Users\Lavasoft
    2008-12-12 09:54 . 2008-12-12 09:55 <KANSIO> d-------- c:\programdata\Lavasoft
    2008-12-12 09:54 . 2008-12-12 09:54 <KANSIO> d-------- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-12 07:05 --------- d-----w c:\users\Zulu\AppData\Roaming\uTorrent
    2009-01-10 11:24 --------- d-----w c:\program files\CCleaner
    2009-01-10 10:29 --------- d-----w c:\programdata\Symantec
    2009-01-10 08:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-10 08:09 --------- d-----w c:\users\Zulu\AppData\Roaming\vlc
    2009-01-10 08:09 --------- d-----w c:\users\Zulu\AppData\Roaming\DAEMON Tools
    2009-01-10 08:09 --------- d-----w c:\programdata\FLEXnet
    2009-01-10 08:09 --------- d-----w c:\program files\Microsoft Works
    2009-01-10 08:09 --------- d-----w c:\program files\Google
    2009-01-10 08:09 --------- d-----w c:\program files\Common Files\SureThing Shared
    2009-01-10 08:07 --------- d---a-w c:\programdata\TEMP
    2009-01-08 17:45 504 ----a-w c:\users\Zulu\AppData\Roaming\wklnhst.dat
    2008-12-28 18:10 --------- d-----w c:\program files\Webteh
    2008-12-24 14:52 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-22 19:19 --------- d---a-w c:\program files\Common Files\LightScribe
    2008-12-21 22:31 --------- d-----w c:\users\Zulu\AppData\Roaming\Roxio
    2008-12-13 01:26 --------- d-----w c:\program files\Windows Mail
    2008-12-12 07:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-11 05:08 173,360,989 ----a-w c:\windows\DUMP7982.tmp
    2008-12-09 11:21 --------- d-----w c:\programdata\NVIDIA
    2008-12-08 17:56 --------- d-----w c:\program files\B2BPOKER
    2008-12-07 08:40 --------- d-----w c:\users\Zulu\AppData\Roaming\Leadertech
    2008-12-07 08:22 --------- d-----w c:\program files\EA Sports
    2008-12-05 21:53 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-05 21:44 --------- d-----w c:\program files\Common Files\Control Panels
    2008-12-05 21:42 --------- d-----w c:\programdata\ALM
    2008-12-05 21:29 --------- d-----w c:\program files\Bonjour
    2008-12-05 21:28 --------- d-----w c:\program files\QuickTime
    2008-12-04 19:30 --------- d-----w c:\program files\PokerStars.NET
    2008-12-04 12:12 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2008-12-03 16:27 --------- d-----w c:\program files\Rockstar Games
    2008-12-03 16:15 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-12-03 13:46 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-02 13:06 --------- d-----w c:\program files\AGEIA Technologies
    2008-11-30 11:13 --------- d-----w c:\program files\Logitech
    2008-11-30 11:13 --------- d-----w c:\program files\Common Files\Logitech
    2008-11-30 10:54 --------- d-----w c:\users\Zulu\AppData\Roaming\ProtectDisc
    2008-11-28 13:35 --------- d-----w c:\program files\DC++
    2008-11-28 09:33 --------- d-----w c:\program files\Last.fm
    2008-11-26 09:10 --------- d-----w c:\programdata\Last.fm
    2008-11-25 15:52 --------- d-----w c:\users\Zulu\AppData\Roaming\Download Manager
    2008-11-19 17:58 --------- d-----w c:\program files\Activision
    2008-11-18 07:15 --------- d-----w c:\users\Zulu\AppData\Roaming\Notepad++
    2008-11-17 16:18 --------- d--h--r c:\users\Zulu\AppData\Roaming\SecuROM
    2008-11-17 16:02 --------- d-----w c:\program files\Ubisoft
    2008-11-16 17:06 174 --sha-w c:\program files\desktop.ini
    2008-11-16 17:04 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Sidebar
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Photo Gallery
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Journal
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Defender
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Collaboration
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Calendar
    2008-11-16 16:52 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-11-16 16:52 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-11-16 16:41 --------- d-----w c:\program files\DAEMON Tools Toolbar
    2008-11-16 12:28 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-11-16 12:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-11-15 15:21 --------- d-----w c:\program files\VideoLAN
    2008-11-13 07:41 --------- d-----w c:\program files\WinSCP
    2008-11-13 07:41 --------- d-----w c:\program files\PhotoFiltre
    2008-11-13 07:41 --------- d-----w c:\program files\Notepad++
    2008-11-12 21:22 --------- d-----w c:\programdata\Microsoft Help
    2008-11-11 05:17 428,544 ----a-w c:\windows\System32\EncDec.dll
    2008-11-11 05:17 293,376 ----a-w c:\windows\System32\psisdecd.dll
    2008-11-11 05:17 269,312 ----a-w c:\windows\System32\es.dll
    2008-11-09 12:23 61,440 ----a-w c:\windows\System32\winipsec.dll
    2008-11-09 12:23 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
    2008-11-09 12:23 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
    2008-11-09 12:23 272,896 ----a-w c:\windows\System32\polstore.dll
    2008-11-09 12:22 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    2008-11-09 12:22 1,695,744 ----a-w c:\windows\System32\gameux.dll
    2008-11-09 12:17 303,616 ----a-w c:\windows\System32\wmpeffects.dll
    2008-11-09 12:17 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-11-09 12:11 6,656 ----a-w c:\windows\System32\kbd106n.dll
    2008-11-09 12:10 988,216 ----a-w c:\windows\System32\winload.exe
    2008-11-09 12:10 927,288 ----a-w c:\windows\System32\winresume.exe
    2008-11-09 12:10 615,992 ----a-w c:\windows\System32\ci.dll
    2008-11-09 12:10 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
    2008-11-09 12:10 40,960 ----a-w c:\windows\System32\srclient.dll
    2008-11-09 12:10 378,368 ----a-w c:\windows\System32\srcore.dll
    2008-11-09 12:10 318,464 ----a-w c:\windows\System32\rstrui.exe
    2008-11-09 12:10 19,000 ----a-w c:\windows\System32\kd1394.dll
    2008-11-09 12:10 14,848 ----a-w c:\windows\System32\srdelayed.exe
    2008-11-09 12:07 443,392 ----a-w c:\windows\System32\win32spl.dll
    2008-11-09 12:07 37,888 ----a-w c:\windows\System32\printcom.dll
    2008-11-09 12:06 14,848 ----a-w c:\windows\System32\wshrm.dll
    2008-11-09 12:05 84,480 ----a-w c:\windows\System32\INETRES.dll
    2008-11-09 12:05 738,304 ----a-w c:\windows\System32\inetcomm.dll
    2008-11-09 12:05 1,314,816 ----a-w c:\windows\System32\quartz.dll
    2008-11-09 12:04 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-11-09 12:04 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-11-08 15:57 319,456 ----a-w c:\windows\DIFxAPI.dll
    2008-11-08 15:57 315,392 ----a-w c:\windows\HideWin.exe
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8473120]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-28 81920]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F7E4684A-18AF-4363-BB42-17EA46E9C1A9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{1C90DAEC-FA73-4138-8736-E8C22ED5FEA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{F03AEB78-B2B1-421E-842E-B0C36FD677A2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F26F9DA2-F696-4573-A59E-42F63B4D70A5}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{30DADED2-E9CC-4AAA-B7B5-D5DB45BC9497}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{2063E22A-65A5-4569-9B72-4C83DB95D742}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{6F638791-26E5-484D-8B01-93566750F71E}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{680C1764-9C57-40AE-8D28-66195B61EC1D}"= UDP:f:\hc kekkonen\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F3D17EA0-11E1-4F32-9A18-22AB85C5F6EA}"= TCP:f:\hc kekkonen\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{182EB5E1-6D36-4AB8-8261-3CE11EDAC2FB}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{BF50EF09-E5BE-42E7-B787-D606C593FDE9}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{B21E1FF8-4D01-4755-BC86-F0EFD0BAA369}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{2A264DE6-EC36-440D-9751-0A91123BAEED}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{CBAB0F42-93FF-4195-A56E-59620B820EFB}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{4FBF0AA8-1D53-416A-8FCF-B2B67A80A7AC}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{EC633511-5322-4C37-A64D-A37FDFE2DB3A}"= UDP:3703:Adobe Version Cue CS3 Server
    "{38B66995-0BC0-4B45-9ADF-C48544607795}"= UDP:3704:Adobe Version Cue CS3 Server
    "{F3BEAC57-3913-435C-861C-ED20E59DA747}"= UDP:50900:Adobe Version Cue CS3 Server
    "{BBDA5B3F-E9D2-4C55-A1E2-440ECCE88B38}"= UDP:50901:Adobe Version Cue CS3 Server
    "{7BD5E2A2-D943-40CD-8BF3-89F5CEC9D14F}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{0EDEAA78-E5F4-4295-A478-928617AABCAA}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "TCP Query User{992AC84F-2A8C-42F0-B390-975A3C63826D}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{9EE5CFE4-3D22-4997-B765-7847C01139F9}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
    "TCP Query User{54564D01-C26E-4550-A193-75E390373A4B}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{91B56B62-83DE-471C-8854-E610D8F8D7A9}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "{AABA550C-DBF4-4C30-9BE4-D40E20D4C288}"= UDP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "{717F340A-611B-4BB7-B6A5-7611544B2ABE}"= TCP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "TCP Query User{C3D5B1EA-B398-49B7-989E-BB5144AEE65E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{344C9BFD-FF78-422B-80B2-9C8BD87FE7F6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{9AB1B6E7-4609-4CB3-8D5C-35090CCD8C52}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{BBF1C6E8-98D7-4985-8CE6-769A0E4A4564}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{3A31E5AD-05DA-48A7-99F8-95A5B65CC085}"= UDP:c:\users\Zulu\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
    "{DEAFBDE4-34B5-4A0C-A22D-4C5BF5A05141}"= TCP:c:\users\Zulu\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-10 111184]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [2008-11-08 968064]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
    R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-10 20560]
    R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-10 51792]
    R4 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2008-11-08 198240]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfc2607-adab-11dd-80ca-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-22 c:\windows\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - Zulu.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

    c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
    O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    c:\windows\Downloaded Program Files\DownloadManagerV2.inf
    FF - ProfilePath - c:\users\Zulu\AppData\Roaming\Mozilla\Firefox\Profiles\4hvypeoz.default\
    FF - prefs.js: browser.startup.homepage - www.suomi24.fi
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 14:35:29
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2009-01-12 14:36:59
    ComboFix-quarantined-files.txt 2009-01-12 12:36:57

    Ennen ajoa: 185 474 711 552 tavua vapaana
    Ajon jälkeen: 185,576,652,800 tavua vapaana

    298 --- E O F --- 2009-01-10 13:17:51
     
  13. Hujo

    Hujo Guest

    Now copy and paste the text below into an empty Notepad:
    Start button > Accessories > Notepad

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    ComboFix starts working and a blue screen appears; press the number 1 and Enter.

    Post the resulting log here.

    Shut down and restart the computer.
     
  14. silokki

    silokki Guest

    ComboFix 09-01-11.02 - Zulu 2009-01-12 17:26:23.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3070.1631 [GMT 2:00]
    Sijainti: c:\users\Zulu\Downloads\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\Zulu\Documents\CFScript.txt
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Panda Security
    c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2KRN_DATA
    c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM
    c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM2
    c:\program files\Panda Security\ActiveScan 2.0\nanocache.fil2
    c:\program files\Panda Security\ActiveScan 2.0\pav.sig
    c:\program files\Panda Security\ActiveScan 2.0\pavvts.dat
    c:\program files\Panda Security\ActiveScan 2.0\psnengav.nsc
    c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF
    c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF.ext
    c:\programdata\NortonInstaller
    c:\programdata\NortonInstaller\Logs\1-10-2009-12h27m23s\SymNRT-1-10-2009-12h27m23s.log
    c:\programdata\NortonInstaller\Logs\1-10-2009-12h27m23s\SymNRT.1.mft.7z
    c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
    c:\programdata\Symantec
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}1b5c8b1d.zip.log
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}362f0a40.zip
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}362f0a40.zip.log
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}8ac1385d.zip
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}bc04d8ef.zip
    c:\programdata\Symantec\ErrLogs\{4843B611-8FCB-4428-8C23-31D0A5EAE164}c625e94c.zip.log
    c:\programdata\Symantec\ErrLogs\Uploaded\{4843B611-8FCB-4428-8C23-31D0A5EAE164}1b5c8b1d.zip
    c:\programdata\Symantec\ErrLogs\Uploaded\{4843B611-8FCB-4428-8C23-31D0A5EAE164}c625e94c.zip
    c:\users\All Users\NortonInstaller\Logs\1-10-2009-12h27m23s\SymNRT-1-10-2009-12h27m23s.log
    c:\users\All Users\NortonInstaller\Logs\1-10-2009-12h27m23s\SymNRT.1.mft.7z
    c:\users\All Users\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-12 to 2009-01-12 )))))))))))))))))
    .

    2009-01-11 03:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-11 03:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-10 13:01 . 2009-01-10 13:02 <KANSIO> d-------- c:\users\Zulu\.SunDownloadManager
    2009-01-10 10:26 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Malwarebytes
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-01-09 23:32 . 2009-01-09 23:32 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-01-09 23:32 . 2009-01-11 03:30 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-09 19:41 . 2009-01-09 19:41 <KANSIO> d-------- c:\program files\Trend Micro
    2009-01-09 18:54 . 2009-01-09 18:54 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\PC Tools
    2009-01-09 18:54 . 2009-01-10 00:52 <KANSIO> d-------- c:\program files\Spyware Doctor
    2008-12-30 19:30 . 2009-01-05 17:57 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Canon
    2008-12-24 16:54 . 2008-12-24 16:54 <KANSIO> d-------- c:\users\All Users\CanonIJPLM
    2008-12-24 16:54 . 2008-12-24 16:54 <KANSIO> d-------- c:\programdata\CanonIJPLM
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\All Users\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\users\All Users\InstallShield
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\programdata\ScanSoft
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\programdata\InstallShield
    2008-12-24 16:52 . 2008-12-24 16:52 <KANSIO> d-------- c:\program files\Common Files\ScanSoft Shared
    2008-12-24 16:52 . 2008-12-24 16:52 412 --a------ c:\windows\MAXLINK.INI
    2008-12-24 16:51 . 2008-12-24 16:51 <KANSIO> d-------- c:\program files\ScanSoft
    2008-12-24 16:50 . 2008-12-24 16:50 <KANSIO> d-------- c:\program files\Common Files\CANON
    2008-12-24 16:48 . 2008-12-24 16:48 <KANSIO> d--h----- c:\users\All Users\CanonBJ
    2008-12-24 16:48 . 2008-12-24 16:48 <KANSIO> d--h----- c:\programdata\CanonBJ
    2008-12-24 16:47 . 2008-12-24 16:47 <KANSIO> d--h----- c:\windows\System32\CanonIJ Uninstaller Information
    2008-12-24 16:46 . 2007-03-23 09:30 1,400,832 --a------ c:\windows\System32\CNC210C.DLL
    2008-12-24 16:46 . 2007-03-18 22:00 215,040 --a------ c:\windows\System32\CNMLM8S.DLL
    2008-12-24 16:46 . 2007-03-19 03:16 200,704 --a------ c:\windows\System32\CNC210L.DLL
    2008-12-24 16:46 . 2007-03-15 07:12 188,416 --a------ c:\windows\System32\CNC210O.DLL
    2008-12-24 16:46 . 2007-03-23 09:29 98,304 --a------ c:\windows\System32\CNC210I.DLL
    2008-12-24 16:45 . 2008-12-24 16:45 <KANSIO> d--h----- c:\program files\CanonBJ
    2008-12-24 16:45 . 2008-12-24 16:54 <KANSIO> d-------- c:\program files\Canon
    2008-12-22 22:41 . 2008-12-23 00:12 <KANSIO> d-------- c:\users\All Users\LightScribe
    2008-12-22 22:41 . 2008-12-23 00:12 <KANSIO> d-------- c:\programdata\LightScribe
    2008-12-22 22:38 . 2008-12-22 22:49 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\Nero
    2008-12-22 21:38 . 2008-12-22 21:38 4,767 --a------ c:\windows\Irremote.ini
    2008-12-22 21:21 . 2008-12-22 21:36 <KANSIO> d-------- c:\program files\Nero
    2008-12-22 21:20 . 2008-12-22 21:29 <KANSIO> d-------- c:\users\All Users\Nero
    2008-12-22 21:20 . 2008-12-22 21:29 <KANSIO> d-------- c:\programdata\Nero
    2008-12-22 21:20 . 2008-12-22 21:52 <KANSIO> d-------- c:\program files\Common Files\Nero
    2008-12-18 22:40 . 2009-01-11 20:26 <KANSIO> d-------- c:\program files\PAFPoker
    2008-12-18 19:51 . 2008-12-18 19:54 <KANSIO> d-------- c:\program files\PAF Diamond Poker
    2008-12-15 21:32 . 2009-01-01 11:43 <KANSIO> d-------- c:\users\Zulu\AppData\Roaming\dvdcss
    2008-12-13 16:18 . 2009-01-05 12:17 <KANSIO> d-------- c:\program files\SEGA
    2008-12-13 14:06 . 2008-12-13 14:06 <KANSIO> d-------- c:\users\All Users\RTL Winter Sports 2008
    2008-12-13 14:06 . 2008-12-13 14:06 <KANSIO> d-------- c:\programdata\RTL Winter Sports 2008
    2008-12-13 13:47 . 2008-12-13 14:05 <KANSIO> d-------- c:\program files\RTL Winter Sports 2008
    2008-12-12 18:39 . 2008-12-12 18:39 278,728 --a------ c:\windows\System32\drivers\atksgt.sys
    2008-12-12 18:39 . 2008-12-12 18:39 25,416 --a------ c:\windows\System32\drivers\lirsgt.sys
    2008-12-12 17:30 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-12 09:54 . 2008-12-12 09:55 <KANSIO> d-------- c:\users\All Users\Lavasoft
    2008-12-12 09:54 . 2008-12-12 09:55 <KANSIO> d-------- c:\programdata\Lavasoft
    2008-12-12 09:54 . 2008-12-12 09:54 <KANSIO> d-------- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-12 07:05 --------- d-----w c:\users\Zulu\AppData\Roaming\uTorrent
    2009-01-10 11:24 --------- d-----w c:\program files\CCleaner
    2009-01-10 08:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-10 08:09 --------- d-----w c:\users\Zulu\AppData\Roaming\vlc
    2009-01-10 08:09 --------- d-----w c:\users\Zulu\AppData\Roaming\DAEMON Tools
    2009-01-10 08:09 --------- d-----w c:\programdata\FLEXnet
    2009-01-10 08:09 --------- d-----w c:\program files\Microsoft Works
    2009-01-10 08:09 --------- d-----w c:\program files\Google
    2009-01-10 08:09 --------- d-----w c:\program files\Common Files\SureThing Shared
    2009-01-10 08:07 --------- d---a-w c:\programdata\TEMP
    2009-01-08 17:45 504 ----a-w c:\users\Zulu\AppData\Roaming\wklnhst.dat
    2008-12-28 18:10 --------- d-----w c:\program files\Webteh
    2008-12-24 14:52 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-22 19:19 --------- d---a-w c:\program files\Common Files\LightScribe
    2008-12-21 22:31 --------- d-----w c:\users\Zulu\AppData\Roaming\Roxio
    2008-12-13 01:26 --------- d-----w c:\program files\Windows Mail
    2008-12-12 07:53 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-11 05:08 173,360,989 ----a-w c:\windows\DUMP7982.tmp
    2008-12-09 11:21 --------- d-----w c:\programdata\NVIDIA
    2008-12-08 17:56 --------- d-----w c:\program files\B2BPOKER
    2008-12-07 08:40 --------- d-----w c:\users\Zulu\AppData\Roaming\Leadertech
    2008-12-07 08:22 --------- d-----w c:\program files\EA Sports
    2008-12-05 21:53 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-05 21:44 --------- d-----w c:\program files\Common Files\Control Panels
    2008-12-05 21:42 --------- d-----w c:\programdata\ALM
    2008-12-05 21:29 --------- d-----w c:\program files\Bonjour
    2008-12-05 21:28 --------- d-----w c:\program files\QuickTime
    2008-12-04 19:30 --------- d-----w c:\program files\PokerStars.NET
    2008-12-04 12:12 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2008-12-03 16:27 --------- d-----w c:\program files\Rockstar Games
    2008-12-03 16:15 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-12-03 13:46 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-02 13:06 --------- d-----w c:\program files\AGEIA Technologies
    2008-11-30 11:13 --------- d-----w c:\program files\Logitech
    2008-11-30 11:13 --------- d-----w c:\program files\Common Files\Logitech
    2008-11-30 10:54 --------- d-----w c:\users\Zulu\AppData\Roaming\ProtectDisc
    2008-11-28 13:35 --------- d-----w c:\program files\DC++
    2008-11-28 09:33 --------- d-----w c:\program files\Last.fm
    2008-11-26 09:10 --------- d-----w c:\programdata\Last.fm
    2008-11-25 15:52 --------- d-----w c:\users\Zulu\AppData\Roaming\Download Manager
    2008-11-19 17:58 --------- d-----w c:\program files\Activision
    2008-11-18 07:15 --------- d-----w c:\users\Zulu\AppData\Roaming\Notepad++
    2008-11-17 16:18 --------- d--h--r c:\users\Zulu\AppData\Roaming\SecuROM
    2008-11-17 16:02 --------- d-----w c:\program files\Ubisoft
    2008-11-16 17:06 174 --sha-w c:\program files\desktop.ini
    2008-11-16 17:04 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Sidebar
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Photo Gallery
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Journal
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Defender
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Collaboration
    2008-11-16 16:59 --------- d-----w c:\program files\Windows Calendar
    2008-11-16 16:52 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-11-16 16:52 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-11-16 16:41 --------- d-----w c:\program files\DAEMON Tools Toolbar
    2008-11-16 12:28 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-11-16 12:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-11-15 15:21 --------- d-----w c:\program files\VideoLAN
    2008-11-13 07:41 --------- d-----w c:\program files\WinSCP
    2008-11-13 07:41 --------- d-----w c:\program files\PhotoFiltre
    2008-11-13 07:41 --------- d-----w c:\program files\Notepad++
    2008-11-12 21:22 --------- d-----w c:\programdata\Microsoft Help
    2008-11-11 05:17 428,544 ----a-w c:\windows\System32\EncDec.dll
    2008-11-11 05:17 293,376 ----a-w c:\windows\System32\psisdecd.dll
    2008-11-11 05:17 269,312 ----a-w c:\windows\System32\es.dll
    2008-11-09 12:23 61,440 ----a-w c:\windows\System32\winipsec.dll
    2008-11-09 12:23 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
    2008-11-09 12:23 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
    2008-11-09 12:23 272,896 ----a-w c:\windows\System32\polstore.dll
    2008-11-09 12:22 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    2008-11-09 12:22 1,695,744 ----a-w c:\windows\System32\gameux.dll
    2008-11-09 12:17 303,616 ----a-w c:\windows\System32\wmpeffects.dll
    2008-11-09 12:17 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-11-09 12:11 6,656 ----a-w c:\windows\System32\kbd106n.dll
    2008-11-09 12:10 988,216 ----a-w c:\windows\System32\winload.exe
    2008-11-09 12:10 927,288 ----a-w c:\windows\System32\winresume.exe
    2008-11-09 12:10 615,992 ----a-w c:\windows\System32\ci.dll
    2008-11-09 12:10 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
    2008-11-09 12:10 40,960 ----a-w c:\windows\System32\srclient.dll
    2008-11-09 12:10 378,368 ----a-w c:\windows\System32\srcore.dll
    2008-11-09 12:10 318,464 ----a-w c:\windows\System32\rstrui.exe
    2008-11-09 12:10 19,000 ----a-w c:\windows\System32\kd1394.dll
    2008-11-09 12:10 14,848 ----a-w c:\windows\System32\srdelayed.exe
    2008-11-09 12:07 443,392 ----a-w c:\windows\System32\win32spl.dll
    2008-11-09 12:07 37,888 ----a-w c:\windows\System32\printcom.dll
    2008-11-09 12:06 14,848 ----a-w c:\windows\System32\wshrm.dll
    2008-11-09 12:05 84,480 ----a-w c:\windows\System32\INETRES.dll
    2008-11-09 12:05 738,304 ----a-w c:\windows\System32\inetcomm.dll
    2008-11-09 12:05 1,314,816 ----a-w c:\windows\System32\quartz.dll
    2008-11-09 12:04 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-11-09 12:04 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-11-08 15:57 319,456 ----a-w c:\windows\DIFxAPI.dll
    2008-11-08 15:57 315,392 ----a-w c:\windows\HideWin.exe
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-12_14.35.52,14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-10 11:05:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-01-12 12:35:58 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-01-12 12:35:58 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-01-12 11:22:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-12 15:25:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-12 11:22:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-12 15:25:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-12 11:22:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-12 15:25:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8473120]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-28 81920]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F7E4684A-18AF-4363-BB42-17EA46E9C1A9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{1C90DAEC-FA73-4138-8736-E8C22ED5FEA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{F03AEB78-B2B1-421E-842E-B0C36FD677A2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F26F9DA2-F696-4573-A59E-42F63B4D70A5}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{30DADED2-E9CC-4AAA-B7B5-D5DB45BC9497}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{2063E22A-65A5-4569-9B72-4C83DB95D742}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{6F638791-26E5-484D-8B01-93566750F71E}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{680C1764-9C57-40AE-8D28-66195B61EC1D}"= UDP:f:\hc kekkonen\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{F3D17EA0-11E1-4F32-9A18-22AB85C5F6EA}"= TCP:f:\hc kekkonen\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{182EB5E1-6D36-4AB8-8261-3CE11EDAC2FB}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{BF50EF09-E5BE-42E7-B787-D606C593FDE9}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{B21E1FF8-4D01-4755-BC86-F0EFD0BAA369}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{2A264DE6-EC36-440D-9751-0A91123BAEED}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{CBAB0F42-93FF-4195-A56E-59620B820EFB}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{4FBF0AA8-1D53-416A-8FCF-B2B67A80A7AC}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{EC633511-5322-4C37-A64D-A37FDFE2DB3A}"= UDP:3703:Adobe Version Cue CS3 Server
    "{38B66995-0BC0-4B45-9ADF-C48544607795}"= UDP:3704:Adobe Version Cue CS3 Server
    "{F3BEAC57-3913-435C-861C-ED20E59DA747}"= UDP:50900:Adobe Version Cue CS3 Server
    "{BBDA5B3F-E9D2-4C55-A1E2-440ECCE88B38}"= UDP:50901:Adobe Version Cue CS3 Server
    "{7BD5E2A2-D943-40CD-8BF3-89F5CEC9D14F}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{0EDEAA78-E5F4-4295-A478-928617AABCAA}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "TCP Query User{992AC84F-2A8C-42F0-B390-975A3C63826D}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{9EE5CFE4-3D22-4997-B765-7847C01139F9}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
    "TCP Query User{54564D01-C26E-4550-A193-75E390373A4B}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{91B56B62-83DE-471C-8854-E610D8F8D7A9}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "{AABA550C-DBF4-4C30-9BE4-D40E20D4C288}"= UDP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "{717F340A-611B-4BB7-B6A5-7611544B2ABE}"= TCP:c:\program files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
    "TCP Query User{C3D5B1EA-B398-49B7-989E-BB5144AEE65E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{344C9BFD-FF78-422B-80B2-9C8BD87FE7F6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{9AB1B6E7-4609-4CB3-8D5C-35090CCD8C52}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{BBF1C6E8-98D7-4985-8CE6-769A0E4A4564}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{3A31E5AD-05DA-48A7-99F8-95A5B65CC085}"= UDP:c:\users\Zulu\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
    "{DEAFBDE4-34B5-4A0C-A22D-4C5BF5A05141}"= TCP:c:\users\Zulu\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-10 111184]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\System32\drivers\HCW85BDA.sys [2008-11-08 968064]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
    R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-10 20560]
    R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-10 51792]
    R4 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2008-11-08 198240]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfc2607-adab-11dd-80ca-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-22 c:\windows\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - Zulu.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

    c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
    O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    c:\windows\Downloaded Program Files\DownloadManagerV2.inf
    FF - ProfilePath - c:\users\Zulu\AppData\Roaming\Mozilla\Firefox\Profiles\4hvypeoz.default\
    FF - prefs.js: browser.startup.homepage - www.suomi24.fi
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 17:27:38
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...


    c:\users\Zulu\AppData\Local\Temp\catchme.dll 53248 bytes executable

    tarkistus on valmis
    piilotetut tiedostot: 1

    **************************************************************************
    .
    Valmistumisajankohta: 2009-01-12 17:29:09
    ComboFix-quarantined-files.txt 2009-01-12 15:29:06
    ComboFix2.txt 2009-01-12 12:37:00

    Ennen ajoa: 184 456 351 744 tavua vapaana
    Ajon jälkeen: 184,419,254,272 tavua vapaana

    326 --- E O F --- 2009-01-10 13:17:51
    I didn't actually press 1 and Enter, because I couldn't see where to press.
     
  15. Hujo

    Hujo Guest

    Type this in the Run box:

    ComboFix /u

    Click OK.
     
  16. silokki

    silokki Guest

    Now it removed ComboFix.
     
  17. Hujo

    Hujo Guest

    Run CCleaner:

    Cleaner
    Registry

    Shut down and start up again.

    How is the computer running?
     
  18. silokki

    silokki Guest

    I left it shut down for 5 min, the computer started, a bluescreen came up, it started again and offered the options Startup Repair and normal startup. I chose normal startup and the computer started up normally.
     
  19. Hujo

    Hujo Guest

    Which operating system CD came with the computer?
    Is it a genuine Windows disc or a recovery CD?
     
  20. silokki

    silokki Guest

    It came preinstalled, but I got 3 CDs sent home through the service: System Reinstallation 1/2 and 2/2, and Supplemental Recovery.
     
  21. Hujo

    Hujo Guest

    Well, that bluescreen doesn't really belong in the picture.

    Move the important files to the other partition for safekeeping, then do a repair install.

    I do suspect that the recovery CD wipes everything, though.
    That's why the important files go to the other partition for safety, off the C:\ drive.
     
