Kone aukeaa 30min ja ei vastaa käskyihin

Hei!

Kone aukeaa normaalisti noin 30 minuutin odottelun jälkeen ja tämänkin jälkeen se jumittaa ihan kokonaan. Ainoastaan työpöytä latautuu ja siihen se sitten jää. Ctrl+Alt+Del combokaan ei aukea että pääsisi katsomaan jos jokin syö esimerkiksi kaiken mehun prosessorista. Vikasietotilaan pääsee ja olen AVG:n käynyt läpi ja löytyi kaksi Hijack.StartMenu itemiä.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:30, on 15.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\HBCD\Wintools\HBCDMenu.exe
C:\DOCUME~1\JRJEST~1\LOCALS~1\Temp\HBCD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\DOCUME~1\JRJEST~1\LOCALS~1\Temp\HBCD\Malwarebytes\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Philips SA011 Device Manager.lnk = C:\Program Files\Philips\GoGear SA011 Device Manager\main.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {2873FCBD-7894-4814-8502-8EF052C643D5} (TypingMaster Intra) - http://online3.typingmaster.com/tmonline3/itutor/TMIntra.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SBO - Unknown owner - C:\DOCUME~1\JRJEST~1\LOCALS~1\Temp\SBO.exe (file missing)
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10218 bytes

 

.
Yritetään tätäkautta =>
Boot mode: Safe mode with network support

-----------

Mene alapalkista KÄYNNISTÄ ==> SUORITA valikkoon ja kirjoita services.msc OK
Klikkaa Avautuva ikkuna suureksi ja ohjelma saraketta levität niin että näkyy kaikki.

Etsi
COMODO Internet Security Helper Service
SBO
Windows Media Playerin verkkojakamispalvelu


TuplaKlikkaa riviä ja valikosta muutat Käynnistystapa Ei käytössä.
=> Klikkaa käytä => OK Tämän lisäksi klikkaat vasemmalla
puolella olevaa linkkiä Pysäytä palvelu.(tätä ei ole aina)
Poistu ohjelmasta.

----------------------------------------------------------------

Lataa Malwarebytes' Anti-Malware työpöydällesi.

Jos linkki ei toimi, voit ladata myös seuraavista linkeistä:
Linkki1
Linkki2

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy, ohjelma lataa ja asentaa uusimman version.
* Jos päivityksien lataaminen ei onnistu, voit ladata päivitykset TÄSTÄ. Tuplaklikkaa mbam-rules.exe asentaaksesi päivitykset.
* Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi.[/list]

Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.

Lähetä =>
Uusi HJT logi ja
Kopioi Malwarebytes' Anti-Malwaren Logitiedostot välilehdeltä uusin logi tänne.
--------------------------------------------------------------------------


Päivitä ja skannaa Malwarebytes' Anti-Malwarella

* Käynnistä Malwarebytes' Anti-Malware
* Klikkaa päivitys
* Tarkista päivitykset
* Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi.

Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.


Laita Windowsin palomuuri päälle Ohjauspanelin => Windows palomuuri kuvakkeesta.

***************************************************************

* Lataa OTM by OldTimer.
* Tallenna se työpöydällesi.
* Kopioi (CTRL+C) alla olevasta laatikosta kaikki teksti.

Koodi:

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

* Tuplaklikkaa OTM.exe käynnistääksesi sen.
* Paina oikeanpuoleista hiiren nappia vasemmanpuoleisessa laatikossa
* Paste Instructions for Items to be Move-ikkunassa (Keltaisen palkin alla) ja paina Liitä tai (Ctrl+V).
* Paina punaista MoveIt! -nappia.
* Jos jotain tiedostoa/kansiota ei voitu siirtää heti, ohjelma ehdottaa koneen
uudelleenkäynnistystä. Vastaa ehdotukseen Yes, jolloin OtMoveIt
käynnistää koneesi uudelleen.
* Logi avautuu Notepadiin maalaa ja Kopioi se (CTRL+C) ja liitä (CTRL+V) teksti seuraavaan viestiisi.

*********************************************************

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut rivit
(HJT sammuttaa ohjelman ei poista)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\DOCUME~1\JRJEST~1\LOCALS~1\Temp\HBCD\Malwarebytes\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

sekä sammuta ne.(fix Chekked) napista.

----------------------------------------------------

Tyhjennä roskakori ja Käynnistä koneesi uudelleen.

Postita tänne seuraavat logit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* OTM logi. Löytyy myös => C:\_OTM kansiosta.
* Kopioi Malwarebytes' Anti-Malwaren Logitiedostot välilehdeltä uusin logi tänne.
*
* Mikä on tilanne ???
*

 

Hei!

Kiitos näin nopeasta vastauksesta! Eli koneen saa jopa nyt käynnistettyä normaalisti! Ei anna vain muutaa resoluutiota. Ei ole valtuuksia siihen. Tehtävienhallinta toimi myös. Sammuminen kestää ihan sikana ja muutenkin tahmaa.

Täs olis kivaa logia luettavaks

___---___

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Tietokantaversio: 5750

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15.2.2011 17:36:19
mbam-log-2011-02-15 (17-36-19).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistettuja kohteita: 208441
Kulunut aika: 15 minuutti(a), 4 sekunti(a)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita kansioita: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Ei haitallisia kohteita)

Saastuneita muistimoduuleja:
(Ei haitallisia kohteita)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Ei haitallisia kohteita)

Saastuneita kansioita:
(Ei haitallisia kohteita)

Saastuneita tiedostoja:
(Ei haitallisia kohteita)

__---___

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Järjestelmänvalvoja
->Temp folder emptied: 22445703 bytes
->Temporary Internet Files folder emptied: 16224293 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53840302 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5895 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5532494 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351380 bytes
%systemroot%\System32 .tmp files removed: 10004950 bytes
%systemroot%\System32\dllcache .tmp files removed: 141056 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64481262 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 02152011_174035

___---___

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:15, on 15.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Philips SA011 Device Manager.lnk = C:\Program Files\Philips\GoGear SA011 Device Manager\main.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {2873FCBD-7894-4814-8502-8EF052C643D5} (TypingMaster Intra) - http://online3.typingmaster.com/tmonline3/itutor/TMIntra.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9810 bytes

KIITOS!

 

.
Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa (7) Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

Google Toolbar
Google Toolbar Notifier
Google Dictionary Compression sdch

------------------------------------------------------------------

Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

Linkki 3

* TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.
(ei palomuuria)
* Tuplaklikkaa Combofix.exe ja noudata ohjeita.

* Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

* Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

**Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.



Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:



Klikkaa Kyllä jatkaaksesi skannausta.

Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

Jos tarvitset apua, katso yksityiskohtaisempi ohje:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä
seuraavat raportit vastaukseesi:

-------------------------------------------------------

Poista ne rivit jotka ovat vielä jäljellä:

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut rivit
(HJT sammuttaa ohjelman ei poista)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {2873FCBD-7894-4814-8502-8EF052C643D5} (TypingMaster Intra) - http://online3.typingmaster.com/tmonline3/itutor/TMIntra.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

sekä sammuta ne.(fix Chekked) napista.

----------------------------------------------------

Tyhjennä roskakori ja Käynnistä koneesi uudelleen.

Poista kansio/t, jos löytyy:
C:\Program Files\Google\Google Toolbar\
C:\Program Files\Google\GoogleToolbarNotifier\

Postita tänne seuraavat logit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* C:\ComboFix.txt raportti
*
* Mikä on tilanne ???
*

 

Lisää tai poista sovellus sanoo näin

"Windows ei voi käyttää määritettyä laitetta, polkua tai tiedostoa. Sinulla ei ehkä ole tarvittavia käyttöoikeuksia"

Samaa sanoo tuo kun yrittää resoluutiota vaihtaa. Onneksi sain sitä muokattu atin paneelin kautta.

Windows palomuuri ei mene päälle sanoo että ICS palvelua ei saada käynnistetyä ja COMODO kanssa herjaa ongelmaa.

ComboFix ei tykkää AVG:sta eli ei pysty tekemään skannia jos se asennettu joten poistan sen ainakin väliaikaisesti. Mitä ilmaisia palomuuri/virustorjuntaohjelmia suosittelisit?

Huhuh! AVG ei tykännyt MILLÄÄN poistua mutta vähän rekisteriä muokkaamalla onnistu

Kone kyllä sammuu nyt pal nopeemmin mutta ei vielä lupia muutella esim. resoluutiota tai poistella ohjelmia :/

ComboFix:

ComboFix 11-02-15.01 - Järjestelmänvalvoja 15.02.2011 19:59:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.2047.1647 [GMT 2:00]
Sijainti: c:\documents and settings\Järjestelmänvalvoja\Työpöytä\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10070ha5ktzol987.bin
c:\windows\10309vizus945.cpl
c:\windows\10602s9z3c95.ocx
c:\windows\10925trzj1b.exe
c:\windows\10adb9ckzoor2525.ocx
c:\windows\10ezdownl5ade91561.dll
c:\windows\1128s9yw5re2z79.exe
c:\windows\114st9az22305.ocx
c:\windows\11798sz95bot240.dll
c:\windows\11850wz5m439.bin
c:\windows\11z3no9-5-virus5b3.cpl
c:\windows\12175tzoj1b9.cpl
c:\windows\12738spy59z.bin
c:\windows\1315zspy9dd.cpl
c:\windows\1384spzrse2559.bin
c:\windows\13f7szyware5799.dll
c:\windows\13z35h9cktool431.cpl
c:\windows\1419v5r2461z.cpl
c:\windows\142239z5m3a1.ocx
c:\windows\1476s5ambotz09.exe
c:\windows\15553spy953z.cpl
c:\windows\15752n9t-azvirus7d55.exe
c:\windows\1591tzre9t29170.dll
c:\windows\15969zpy5d1.dll
c:\windows\15bzaddware1619.bin
c:\windows\15e9v9r555z.dll
c:\windows\1635zot-a-virus399.dll
c:\windows\165dz5eal1395.bin
c:\windows\165z9teal5869.ocx
c:\windows\16797vzru5569.exe
c:\windows\1685zackdo951064.cpl
c:\windows\16dzsp5war92249.cpl
c:\windows\16f2st5al3129z.cpl
c:\windows\17424n9t-azvirus5ed.exe
c:\windows\178bzo9nloade52968.cpl
c:\windows\18056n9t-a-virus16fz.dll
c:\windows\1825ztroj97f.exe
c:\windows\1846addw5r928z5.ocx
c:\windows\1879ad9waze458.bin
c:\windows\18994wo5z9ea.cpl
c:\windows\1899not-a-vi5us49z.cpl
c:\windows\1936znot-a-virus653.cpl
c:\windows\195zthie9625.dll
c:\windows\1975s5zal21889.cpl
c:\windows\19804hackto5z2249.ocx
c:\windows\19909hacktzol9d35.cpl
c:\windows\19970vir5s4z6.ocx
c:\windows\19977hac9to5z42e.cpl
c:\windows\1a129ddzar51875.bin
c:\windows\1aa0b95kdoor30z8.exe
c:\windows\1b69a9dzare5079.cpl
c:\windows\1b95sz9al936.bin
c:\windows\1b99addwarz655.bin
c:\windows\1c05s5arsz29589.exe
c:\windows\1c2bspars51920z.ocx
c:\windows\1ce2tz59f1755.exe
c:\windows\1eb2th5ez9259.cpl
c:\windows\1fe5vzr55269.dll
c:\windows\1fee5h9zf28.bin
c:\windows\1z14hackt9ol6155.ocx
c:\windows\1z458tr5jca9.bin
c:\windows\1zf5backdoor19509.bin
c:\windows\20152t9oj599z.ocx
c:\windows\20z019pa5bot432.exe
c:\windows\213855ro9ze.ocx
c:\windows\2153troj2z9.dll
c:\windows\21859sp5mbzt775.ocx
c:\windows\22095vizus35a.cpl
c:\windows\22413hackt95l17ez.bin
c:\windows\22622virz55379.ocx
c:\windows\2285virz193.dll
c:\windows\22992zpamb5t7dd.exe
c:\windows\229c9pywa5z3098.cpl
c:\windows\2335z5roj5b9.dll
c:\windows\23b3ad9wz5e2787.ocx
c:\windows\24439a5kdooz1689.dll
c:\windows\247sp5mbotz39.ocx
c:\windows\25015no9-a5vzrus16f.bin
c:\windows\25051n9t-z-virusb95.cpl
c:\windows\2512vzru5695.ocx
c:\windows\25360troj3za9.dll
c:\windows\2544zpyware3129.ocx
c:\windows\2551spars92595z.bin
c:\windows\25522not-a9virusz2d.bin
c:\windows\25697z9cktool597.cpl
c:\windows\2575t9ief16z4.cpl
c:\windows\257839irus6z4.bin
c:\windows\25792not-z-5irus174.exe
c:\windows\25929virus9zb.cpl
c:\windows\25bcspy9are1z52.dll
c:\windows\2604stzal5689.dll
c:\windows\2632z5roj9f9.bin
c:\windows\26358not-9-viruszd5.bin
c:\windows\26d5spywar92869z.exe
c:\windows\26z119pambot597.cpl
c:\windows\27018no5-azvirus759.cpl
c:\windows\27140no5-9-viruszc3.dll
c:\windows\2728z5irus439.ocx
c:\windows\27833spambzt59a.cpl
c:\windows\27z825ac9tool662.exe
c:\windows\28050no9-a-virzs132.ocx
c:\windows\28091spy35z.exe
c:\windows\280no9-a-viruz735.exe
c:\windows\287289ir5s5zd.dll
c:\windows\28fethief295z.ocx
c:\windows\28z29spy57.bin
c:\windows\290659orm5zf.cpl
c:\windows\29466s9ambotza5.cpl
c:\windows\2950steal21z9.cpl
c:\windows\29533not-a-v5zus5e8.cpl
c:\windows\29826spambo5107z.ocx
c:\windows\2989zwo5m4f9.bin
c:\windows\29zfthreat10564.exe
c:\windows\2abcb9czd5or2900.exe
c:\windows\2b09baczdoor2589.ocx
c:\windows\2b26spyw95z3092.exe
c:\windows\2b679pyware5726z.dll
c:\windows\2c4ezp5rs91078.cpl
c:\windows\2de2thie53z269.exe
c:\windows\2e0asteal29z15.bin
c:\windows\2z05downloader1392.exe
c:\windows\2z10sp9mbo574a.cpl
c:\windows\2z591not-a-virus4.bin
c:\windows\2z5aaddware3960.dll
c:\windows\2z819h5cktool75c.dll
c:\windows\2zb8back95or1661.ocx
c:\windows\30939spambot745z.dll
c:\windows\30e0d5wnloa9erz520.cpl
c:\windows\30z2spambot595.exe
c:\windows\3138z5pambot6159.dll
c:\windows\31445wormz99.exe
c:\windows\31509troz955.ocx
c:\windows\31992v9ruz35c.bin
c:\windows\31z05p953b.dll
c:\windows\3239ad9wzre753.cpl
c:\windows\32696sp5mbot5bz.dll
c:\windows\32758sp515z9.dll
c:\windows\32b9bazkdoor2558.ocx
c:\windows\3359acktool520z.exe
c:\windows\3550zorm49f.ocx
c:\windows\3599z5eal2426.dll
c:\windows\35e4virz1925.exe
c:\windows\364zspar5e2499.ocx
c:\windows\369ir5s18z.bin
c:\windows\3835tzrea581229.dll
c:\windows\3918vzru950f.exe
c:\windows\39264ha5ktool30z.dll
c:\windows\39621hac5toolzf3.ocx
c:\windows\3965t9rzat2062.dll
c:\windows\39f65ownloader178z.ocx
c:\windows\3bz8backdoor2579.bin
c:\windows\3c0b95zdoor1056.bin
c:\windows\3c64z5r2695.exe
c:\windows\3eb5sz5al9919.cpl
c:\windows\3ffbt9ief757z.ocx
c:\windows\3z477t9o5480.ocx
c:\windows\3z591s59mbot593.ocx
c:\windows\3z594virus195.dll
c:\windows\407ft9reat23z035.exe
c:\windows\408f9hze534.bin
c:\windows\42f9thi5f28z5.bin
c:\windows\452ddownload95z86.bin
c:\windows\4559s5ywaze2701.cpl
c:\windows\45c395dwzre1970.dll
c:\windows\45fs5ywa9e2z23.cpl
c:\windows\460wzrm659.ocx
c:\windows\48e0s9eal5836z.bin
c:\windows\4947spy91z5.exe
c:\windows\499cthze5188.cpl
c:\windows\49afthre5z28704.bin
c:\windows\49d5bacz5oor1594.dll
c:\windows\4a25spars931z25.ocx
c:\windows\4a5z5parse9240.dll
c:\windows\4a8dsparz93532.exe
c:\windows\4abethrza9224455.ocx
c:\windows\4accsp5rze26269.bin
c:\windows\4af5vir9z50.cpl
c:\windows\4b69thie521z9.dll
c:\windows\4b7fad5war9156z.bin
c:\windows\4b99paz5e741.dll
c:\windows\4f0cstzal9055.exe
c:\windows\4f169zeal5968.exe
c:\windows\4fz5spyw9re956.exe
c:\windows\4z1bbackdoor3059.ocx
c:\windows\50179zirus7ef.dll
c:\windows\5095zhief919.dll
c:\windows\50fdspyware3z039.dll
c:\windows\52674noz-a-virus499.dll
c:\windows\52835rojz9.bin
c:\windows\5289spamboz49c.ocx
c:\windows\52934hacztool11.ocx
c:\windows\52949spam9oz408.bin
c:\windows\5299backdoor2915z.exe
c:\windows\535znot-a-vir5s59a.bin
c:\windows\53b4thz9f1334.bin
c:\windows\53eds59waze586.cpl
c:\windows\547czownloa9er1.exe
c:\windows\54800v9rus23z.dll
c:\windows\5511zpy9are23395.ocx
c:\windows\551zt95ef29.dll
c:\windows\5522zroj4019.bin
c:\windows\5578t5rezt19499.cpl
c:\windows\5590backdoo519z5.bin
c:\windows\55d7dowzloade91475.ocx
c:\windows\55z1troj519.ocx
c:\windows\55z8sp980.exe
c:\windows\5611troj793z.dll
c:\windows\5675hazktoo59e2.exe
c:\windows\56z9tro9401.ocx
c:\windows\57509p562z.dll
c:\windows\5799thzef25985.ocx
c:\windows\5853a9dzare2961.bin
c:\windows\590z4worm3f5.cpl
c:\windows\592za9dware5690.bin
c:\windows\59445z9rse2388.bin
c:\windows\5966st5az1562.dll
c:\windows\5968not-a-5iruszdb.bin
c:\windows\596fthief9987z.bin
c:\windows\59z54virus291.cpl
c:\windows\5a1fzddw9re29005.bin
c:\windows\5b00spyware598z9.exe
c:\windows\5b88down5oazer9212.dll
c:\windows\5baz5dd9are1591.bin
c:\windows\5bz9b5ckdoor1623.exe
c:\windows\5c89addware2z94.cpl
c:\windows\5dc59ddware311z.exe
c:\windows\5e54t9iez327.exe
c:\windows\5f63bac9door258z.exe
c:\windows\5f89downlozder1269.dll
c:\windows\5z49downl5ad9r3010.bin
c:\windows\5z69tr9j250.exe
c:\windows\5z8e9hief723.bin
c:\windows\5zabdownloader908.bin
c:\windows\5zbbs5ars9613.bin
c:\windows\5ze9ddware2879.dll
c:\windows\6237n9t-5-zirus662.bin
c:\windows\628cviz1596.dll
c:\windows\634cste951208z.ocx
c:\windows\639cvirz450.bin
c:\windows\652vz9135.cpl
c:\windows\6595zddware1214.bin
c:\windows\65995zief1721.dll
c:\windows\65a4zir1919.ocx
c:\windows\65zesteal139.cpl
c:\windows\6653zownload9r530.dll
c:\windows\6683szarse25259.dll
c:\windows\66e5thre95z56.bin
c:\windows\6889sparsz29355.exe
c:\windows\6945threzt17602.bin
c:\windows\6b86downloadez2395.cpl
c:\windows\6c69azdware3532.ocx
c:\windows\6dz7spyw5re294.exe
c:\windows\6e3fth5zf2994.cpl
c:\windows\6z03not-5-virus2869.cpl
c:\windows\6z7ddownlo59er645.exe
c:\windows\72c95ir102z.exe
c:\windows\7559szyware2507.bin
c:\windows\7595baczdoor5869.ocx
c:\windows\75z5downloa9er2222.bin
c:\windows\7629backdozr26305.ocx
c:\windows\7694not95-virzs79f.bin
c:\windows\775zacktoo5919.bin
c:\windows\7760thizf52889.cpl
c:\windows\78zvi59951.ocx
c:\windows\79f7spaz9e2945.ocx
c:\windows\79f8tz95f2546.bin
c:\windows\79z1spy495.bin
c:\windows\7b70back59orz916.cpl
c:\windows\7c53spa9se29z5.bin
c:\windows\7dbbthreatz9575.exe
c:\windows\7e5d9ack5ozr965.ocx
c:\windows\7f66do9nzoad5r958.ocx
c:\windows\7z3c95ckdoor2852.dll
c:\windows\7ze7back9oor5340.exe
c:\windows\81z9hacktoole5.exe
c:\windows\8284not-z-vir5s59a.ocx
c:\windows\8295virus4z95.cpl
c:\windows\8379worm548z.exe
c:\windows\8519t9oj46cz.dll
c:\windows\8596tr9jz12.dll
c:\windows\8859wzrm543.cpl
c:\windows\88fbackdoo913z25.exe
c:\windows\8955worz65a.bin
c:\windows\904zworm59.ocx
c:\windows\9143zroj575.bin
c:\windows\92425tzoj6e7.exe
c:\windows\9253addwarz2514.bin
c:\windows\9349do5nzoader1198.bin
c:\windows\93525pazse2147.bin
c:\windows\94233spyzf5.exe
c:\windows\94347trzj265.ocx
c:\windows\9449spam9otza65.dll
c:\windows\95088noz5a-virus365.exe
c:\windows\9511zspambotf9.cpl
c:\windows\952bspyware1z8.ocx
c:\windows\9545h5cktool55z.cpl
c:\windows\95660vi5uz176.dll
c:\windows\95z9troj65c.exe
c:\windows\962z5ir1652.exe
c:\windows\9653threat2z598.dll
c:\windows\9764zspy59.cpl
c:\windows\97925spy25z.ocx
c:\windows\9905spambot1za.ocx
c:\windows\9907thizf31045.cpl
c:\windows\993zh5eat23734.dll
c:\windows\9954zorm653.cpl
c:\windows\99603not5a-virus5zc.ocx
c:\windows\9c19st5al15z2.bin
c:\windows\9c55add5are311z.exe
c:\windows\9c84thr5az25250.ocx
c:\windows\9ca8zhreat453.ocx
c:\windows\9f16stealz415.exe
c:\windows\9f5bbackdooz5125.bin
c:\windows\9fbs5arse28z9.exe
c:\windows\9z2ad5ware3172.cpl
c:\windows\9z49spa5bot3a3.exe
c:\windows\a509hief55z.ocx
c:\windows\af25hief1z19.ocx
c:\windows\b59steaz1546.exe
c:\windows\b75down9oade51758z.exe
c:\windows\bb5thiez390.dll
c:\windows\cf5th9ez779.bin
c:\windows\dfdt9ie523z9.exe
c:\windows\dzaaddw95e1549.dll
c:\windows\e54vi9295z.dll
c:\windows\e73z5dwa9e978.dll
c:\windows\e9t5iefz69.bin
c:\windows\f12v5rz908.cpl
c:\windows\f95ownzoa9er994.bin
c:\windows\fb9zteal1455.exe
c:\windows\system32\10389spam9oz53b5.bin
c:\windows\system32\10711hacktoz59b6.ocx
c:\windows\system32\1094zhre5t19957.cpl
c:\windows\system32\11341woz9475.cpl
c:\windows\system32\1178znot-a-9iru565e.exe
c:\windows\system32\119z9w5rm5ec.exe
c:\windows\system32\11f0addwar5z379.ocx
c:\windows\system32\1249szy9d5.bin
c:\windows\system32\12894hacktzo9557.exe
c:\windows\system32\12966t5oz96.ocx
c:\windows\system32\12bthiz91835.bin
c:\windows\system32\1320zspambot4599.bin
c:\windows\system32\1449szyw59e841.ocx
c:\windows\system32\14596zacktoo93f0.exe
c:\windows\system32\148z7spam9o51f5.bin
c:\windows\system32\14baa9dw5rez950.exe
c:\windows\system32\15126w9zm795.exe
c:\windows\system32\15189zacktool621.cpl
c:\windows\system32\15266nzt-5-viru9525.exe
c:\windows\system32\15590sp5mbotz16.exe
c:\windows\system32\155999ormz05.cpl
c:\windows\system32\15805worm9z8.exe
c:\windows\system32\1580vi93z53.cpl
c:\windows\system32\15947worm4zc.dll
c:\windows\system32\1597threat52558z.dll
c:\windows\system32\15988tzoj258.bin
c:\windows\system32\16129hacktozl75b.cpl
c:\windows\system32\16228hac5t9ol7z7.dll
c:\windows\system32\1649zspambot57e.dll
c:\windows\system32\1696addwa5e7z4.bin
c:\windows\system32\16a3zpyw5re9182.bin
c:\windows\system32\17418no5-9-virzs558.cpl
c:\windows\system32\1755worm5z9.exe
c:\windows\system32\17912not-a-vi5u9zfc.cpl
c:\windows\system32\17ft5reatz02389.exe
c:\windows\system32\180zstea91555.cpl
c:\windows\system32\18158sp942z5.ocx
c:\windows\system32\1822zroj5cb9.cpl
c:\windows\system32\18315z59us719.cpl
c:\windows\system32\18968w9rz5d2.bin
c:\windows\system32\189z3hacktool5df.bin
c:\windows\system32\19109t5zj4be.dll
c:\windows\system32\19123t5oz87.ocx
c:\windows\system32\192545zruse9.dll
c:\windows\system32\19775szy52c.cpl
c:\windows\system32\199989ack5ozl1c4.cpl
c:\windows\system32\19hackzoo5966.ocx
c:\windows\system32\1c14zi95251.dll
c:\windows\system32\1c39zteal2577.cpl
c:\windows\system32\1d95az5ware2673.bin
c:\windows\system32\1d95sparze995.exe
c:\windows\system32\1dff5hief2z94.bin
c:\windows\system32\1e32bazk5oo9504.cpl
c:\windows\system32\1e79zhie52824.bin
c:\windows\system32\1e90spywa9z8825.bin
c:\windows\system32\1e95vi51z32.ocx
c:\windows\system32\1eb5parse9527z.ocx
c:\windows\system32\1z240troj395.ocx
c:\windows\system32\1z782worm259.exe
c:\windows\system32\1z94viru95cd.bin
c:\windows\system32\1zb0ba9k5oor270.cpl
c:\windows\system32\2029szywa5e1614.bin
c:\windows\system32\20815virus957z.exe
c:\windows\system32\209z0s5962.ocx
c:\windows\system32\209z3h5cktool982.bin
c:\windows\system32\21t9o53zc.ocx
c:\windows\system32\21z17no5-a-vi9usc5.bin
c:\windows\system32\22492ha9kt5olzc4.bin
c:\windows\system32\2251b5ckdozr1589.dll
c:\windows\system32\22534no5-a-viruz5c49.bin
c:\windows\system32\229ft5reat19z7.bin
c:\windows\system32\22e5thz9f5243.cpl
c:\windows\system32\22z15hreat68209.cpl
c:\windows\system32\23275virzs699.dll
c:\windows\system32\23562trzj5609.ocx
c:\windows\system32\23571t5oj49z.cpl
c:\windows\system32\24338sp95z6.exe
c:\windows\system32\24389ozm5e.exe
c:\windows\system32\24935hzcktool729.ocx
c:\windows\system32\24993v95zs634.exe
c:\windows\system32\24bfstea9z085.dll
c:\windows\system32\24z92t9oj1b35.bin
c:\windows\system32\25059zarse5953.cpl
c:\windows\system32\25410sp5mbot9z4.cpl
c:\windows\system32\255zv9r2412.bin
c:\windows\system32\25845viru91z5.dll
c:\windows\system32\25895s9azbot33b.ocx
c:\windows\system32\25959spy5z4.exe
c:\windows\system32\2599zreat5425.exe
c:\windows\system32\259zsteal912.dll
c:\windows\system32\26953z9oj625.ocx
c:\windows\system32\26z04vi5us955.cpl
c:\windows\system32\27795wormz9e.dll
c:\windows\system32\27859spzm9ot2e2.dll
c:\windows\system32\28036not-az59rus53d.dll
c:\windows\system32\28656no5-a-viru91za.dll
c:\windows\system32\29052wormz9f.bin
c:\windows\system32\290z45ot-a-virus345.exe
c:\windows\system32\29135trzj21d.dll
c:\windows\system32\29355n5t-9-zirus358.bin
c:\windows\system32\29529worm1dz.dll
c:\windows\system32\296689ackz5ol455.bin
c:\windows\system32\29680vi9us45z.cpl
c:\windows\system32\29946not-a-vzrusc55.ocx
c:\windows\system32\2995addwzre566.cpl
c:\windows\system32\29a85pywzre18859.ocx
c:\windows\system32\2c39thiefz551.bin
c:\windows\system32\2d92zp5ware432.exe
c:\windows\system32\2da1sp95se869z.exe
c:\windows\system32\2ed5ste5l19z6.exe
c:\windows\system32\2efbback5oz9348.dll
c:\windows\system32\2faz5ir9392.ocx
c:\windows\system32\2z118wo9m6b5.exe
c:\windows\system32\2z308troj509.bin
c:\windows\system32\2z59roj255.bin
c:\windows\system32\2z719viru5d9.cpl
c:\windows\system32\2z759spy758.dll
c:\windows\system32\2z8965py918.exe
c:\windows\system32\2z977tr5j420.dll
c:\windows\system32\30258t59j5za.dll
c:\windows\system32\30341vi9u5zca.cpl
c:\windows\system32\3059not-a-vi5us6az9.cpl
c:\windows\system32\30867h59ktool74z.ocx
c:\windows\system32\30905hre9t29z4.exe
c:\windows\system32\309thizf5614.ocx
c:\windows\system32\30z40spambot9155.ocx
c:\windows\system32\30z5spywa9e671.dll
c:\windows\system32\316steal2095z.dll
c:\windows\system32\31z09h9c5tool82.cpl
c:\windows\system32\3206vir91z65.dll
c:\windows\system32\3229zspambo529f.ocx
c:\windows\system32\32317not5a-virus9fz.exe
c:\windows\system32\3299vi5us1c6z.bin
c:\windows\system32\3328s9ambo5655z.ocx
c:\windows\system32\33ae5zreat1719.ocx
c:\windows\system32\33c5backdooz9531.bin
c:\windows\system32\33e25paz9e3033.cpl
c:\windows\system32\34a7spzr9e5553.dll
c:\windows\system32\34b3spyz5re22419.exe
c:\windows\system32\35099irz361.bin
c:\windows\system32\3558spy96bz.cpl
c:\windows\system32\39215py40z9.exe
c:\windows\system32\39425troj5az.ocx
c:\windows\system32\39656hackzool6ba.exe
c:\windows\system32\39985ownloader271z.bin
c:\windows\system32\3b9asteal21z5.ocx
c:\windows\system32\3cb9thi9f3256z.bin
c:\windows\system32\3dbfzh5eat9779.exe
c:\windows\system32\3ec1downloaz5r1939.bin
c:\windows\system32\3f0cthrea924z245.exe
c:\windows\system32\3f65d9wnlo5der3z0.dll
c:\windows\system32\3z3975py38b.cpl
c:\windows\system32\3z519troj9ac.cpl
c:\windows\system32\3z556spambot95a.bin
c:\windows\system32\3zd9thief9105.exe
c:\windows\system32\4015zr9at18946.dll
c:\windows\system32\40e9tzie51347.cpl
c:\windows\system32\419dthief5z139.dll
c:\windows\system32\4231steaz5595.exe
c:\windows\system32\4289th9zf459.dll
c:\windows\system32\43b7szea5629.bin
c:\windows\system32\45059pyware2531z.ocx
c:\windows\system32\4509addw9re215z.ocx
c:\windows\system32\450ath9zat7859.bin
c:\windows\system32\450cbackz95r2957.exe
c:\windows\system32\454bspzware1069.dll
c:\windows\system32\459dszyware2564.exe
c:\windows\system32\45cfsteaz1981.exe
c:\windows\system32\45fdsp9ware277z.dll
c:\windows\system32\46369ow5loazer889.ocx
c:\windows\system32\4655vi9168z.exe
c:\windows\system32\48z75ddware1937.exe
c:\windows\system32\4953spambzt209.exe
c:\windows\system32\4990t5zeat31233.bin
c:\windows\system32\4997addware45z.exe
c:\windows\system32\49c8st5zl599.ocx
c:\windows\system32\4azbsteal90815.dll
c:\windows\system32\4b28d5wzl9ader1508.dll
c:\windows\system32\4b825zyware1389.cpl
c:\windows\system32\4cz5sparse3059.bin
c:\windows\system32\4d51ad5wa9e291z.dll
c:\windows\system32\4dd8spa95e1z51.bin
c:\windows\system32\4fd69hr5at81z8.dll
c:\windows\system32\4z4059ief2044.cpl
c:\windows\system32\5005sp5rsz97.cpl
c:\windows\system32\502thief8z9.exe
c:\windows\system32\5066spywaze9553.cpl
c:\windows\system32\50csze9l105.bin
c:\windows\system32\50ebdownl95der770z.cpl
c:\windows\system32\51577szambo9567.dll
c:\windows\system32\519fbackdooz20025.dll
c:\windows\system32\5246addwaz91222.cpl
c:\windows\system32\52bastea52z92.bin
c:\windows\system32\5386thzef2392.bin
c:\windows\system32\53f2threat1z7659.dll
c:\windows\system32\54406szambot495.bin
c:\windows\system32\5525zormc29.ocx
c:\windows\system32\555steal2z98.cpl
c:\windows\system32\555zdownloader3195.bin
c:\windows\system32\55bthie920z2.dll
c:\windows\system32\55z9hac9tool7c1.exe
c:\windows\system32\562ezown5oad9r2821.ocx
c:\windows\system32\56362spazbot239.dll
c:\windows\system32\56452spambotz9f.exe
c:\windows\system32\5659st5az2591.exe
c:\windows\system32\5699threat1z292.dll
c:\windows\system32\5699tr5j1zd.ocx
c:\windows\system32\56z9threat293775.dll
c:\windows\system32\58299hiefz859.dll
c:\windows\system32\58494zpy3b19.cpl
c:\windows\system32\585d5dz9are862.ocx
c:\windows\system32\5876doznload9r3250.bin
c:\windows\system32\58802spy3d9z.exe
c:\windows\system32\5889zpy9d9.cpl
c:\windows\system32\58d3spy9aze1539.exe
c:\windows\system32\5905t9ief1z515.dll
c:\windows\system32\5915threaz1942.ocx
c:\windows\system32\5943thre9t201z6.bin
c:\windows\system32\5956zno9-a-virus118.cpl
c:\windows\system32\5958down9oadzr343.cpl
c:\windows\system32\595downloader9z29.bin
c:\windows\system32\597bvzr3248.bin
c:\windows\system32\5995thief22z6.dll
c:\windows\system32\5a99tz9ef662.dll
c:\windows\system32\5a9sparze1659.exe
c:\windows\system32\5b09tzief743.dll
c:\windows\system32\5b58down9oadez2931.ocx
c:\windows\system32\5b92vir651z.ocx
c:\windows\system32\5b92zir2431.ocx
c:\windows\system32\5b94thi5z1657.dll
c:\windows\system32\5cddbackdozr15955.bin
c:\windows\system32\5d59szeal194.ocx
c:\windows\system32\5ddthreat19z979.ocx
c:\windows\system32\5dz9down5oader1737.exe
c:\windows\system32\5e9athrzat20656.bin
c:\windows\system32\5f0zs5ea92029.ocx
c:\windows\system32\5z359p5ware1215.cpl
c:\windows\system32\5z54spa59ot534.exe
c:\windows\system32\5z7spy9are144.ocx
c:\windows\system32\5zcdsp59se192.ocx
c:\windows\system32\5zd4threat157819.cpl
c:\windows\system32\6017addza9e5998.dll
c:\windows\system32\60cbste593z0.ocx
c:\windows\system32\61945pamzot6b9.cpl
c:\windows\system32\6199tzoj56.cpl
c:\windows\system32\61fbdownloader9z35.cpl
c:\windows\system32\6256zownloader9158.exe
c:\windows\system32\6345t9rezt256085.bin
c:\windows\system32\634et9z5at8200.bin
c:\windows\system32\6415sp9rse2193z.ocx
c:\windows\system32\6521back9oorz1045.exe
c:\windows\system32\6796spyware5501z.dll
c:\windows\system32\68f5th95z1819.ocx
c:\windows\system32\6c4z95eal3024.dll
c:\windows\system32\6ca99parze2596.cpl
c:\windows\system32\6dazs9ars51987.exe
c:\windows\system32\6e539ddwarz1713.bin
c:\windows\system32\6zf5vir2179.exe
c:\windows\system32\7039zpy358.exe
c:\windows\system32\7095ad5wzre2229.cpl
c:\windows\system32\7266hazkto5l5ed9.bin
c:\windows\system32\726dztea930415.ocx
c:\windows\system32\7275spzw9re263.bin
c:\windows\system32\72e9back9o5r1z83.exe
c:\windows\system32\7368down9oader5109z.dll
c:\windows\system32\7378spam5oz1289.exe
c:\windows\system32\740bstzal16295.cpl
c:\windows\system32\759a9hrezt1450.ocx
c:\windows\system32\75e4s9zal2927.cpl
c:\windows\system32\7665backdo9r52z.bin
c:\windows\system32\7799tzreat54705.ocx
c:\windows\system32\7832zorm915.bin
c:\windows\system32\785bthizf5947.cpl
c:\windows\system32\78709p51z7.dll
c:\windows\system32\787bdoznload952155.cpl
c:\windows\system32\7934down5oader625z.bin
c:\windows\system32\7955s5arse797z.dll
c:\windows\system32\795zvir613.ocx
c:\windows\system32\7964za5kdoor1524.exe
c:\windows\system32\79dabaz5door2525.dll
c:\windows\system32\7ad8back5oor3916z.bin
c:\windows\system32\7ae8add9arz28025.dll
c:\windows\system32\7b56s9eal5z95.bin
c:\windows\system32\7c0aspz95e1174.bin
c:\windows\system32\7d25vir2059z.dll
c:\windows\system32\7e95vz51416.cpl
c:\windows\system32\7z82spar9e6065.ocx
c:\windows\system32\7zaa9d5ware1952.exe
c:\windows\system32\811downloaz5r9077.dll
c:\windows\system32\813not-5-virus169z.dll
c:\windows\system32\8203zo5-a-vi9us36a.exe
c:\windows\system32\86b9zdware1755.bin
c:\windows\system32\8751spamboz6499.dll
c:\windows\system32\879859rzs3a.exe
c:\windows\system32\90305iz9s351.ocx
c:\windows\system32\9179thre5tz9979.cpl
c:\windows\system32\94459spam5oz47f.exe
c:\windows\system32\945a5pywaze2773.cpl
c:\windows\system32\9464sp5warz725.bin
c:\windows\system32\954zp9666.ocx
c:\windows\system32\9557tr9z51.ocx
c:\windows\system32\956dsparsz1354.dll
c:\windows\system32\95835parsz2985.exe
c:\windows\system32\9593vi523z0.cpl
c:\windows\system32\965thief195z.exe
c:\windows\system32\96d8thizf2052.exe
c:\windows\system32\98747wor5683z.exe
c:\windows\system32\9955noz-a-virus13c.bin
c:\windows\system32\9969dow5loadzr1504.bin
c:\windows\system32\9c59thzef2983.cpl
c:\windows\system32\9d5bzpyware759.bin
c:\windows\system32\9z75v5r1443.cpl
c:\windows\system32\9z92vir5s76b.ocx
c:\windows\system32\dc295ezl2858.ocx
c:\windows\system32\debdo9nload5r3179z.ocx
c:\windows\system32\e669ir59z.dll
c:\windows\system32\ec65hrz9t18507.dll
c:\windows\system32\f37backdoor89z5.ocx
c:\windows\system32\msconfig.exe
c:\windows\system32\z0499not-a5virus9a1.dll
c:\windows\system32\z146spam95t299.ocx
c:\windows\system32\z2es9arse1595.ocx
c:\windows\system32\z342t5oj901.ocx
c:\windows\system32\z351w9rm611.exe
c:\windows\system32\z35thie9243.cpl
c:\windows\system32\z47vir99885.dll
c:\windows\system32\z5398spambot79f.dll
c:\windows\system32\z541not-a-vir5s3f99.ocx
c:\windows\system32\z555spywar91624.exe
c:\windows\system32\z56addware8579.dll
c:\windows\system32\z5933spy3925.exe
c:\windows\system32\z5bac5door987.exe
c:\windows\system32\z619h5cktool91.cpl
c:\windows\system32\z67095roj641.dll
c:\windows\system32\z69downlo5d9r2478.exe
c:\windows\system32\z7938hacktool1f5.ocx
c:\windows\system32\z795backdoor59.dll
c:\windows\system32\z90b9teal5193.exe
c:\windows\system32\z96evir2599.ocx
c:\windows\system32\z988sp57f9.bin
c:\windows\system32\za82b9ckdoor254.exe
c:\windows\system32\zbfbv9r5199.dll
c:\windows\system32\zc86thief9508.dll
c:\windows\z008steal22509.dll
c:\windows\z0259not-a-5irus39b.ocx
c:\windows\z0273wor95f7.exe
c:\windows\z02db9c5door3127.dll
c:\windows\z031backd9or1659.dll
c:\windows\z0450s5a9bot4f5.exe
c:\windows\z067wo9m11b5.exe
c:\windows\z0e9download5r3194.ocx
c:\windows\z0ethrea9168585.cpl
c:\windows\z1395spy266.bin
c:\windows\z1412h59ktool2e1.dll
c:\windows\z1879w9rm1f5.exe
c:\windows\z195downloader1965.cpl
c:\windows\z211download5r1690.dll
c:\windows\z279worm3159.exe
c:\windows\z310thie92352.cpl
c:\windows\z3564troj349.ocx
c:\windows\z4344s5ambo978c.ocx
c:\windows\z46669pambot795.exe
c:\windows\z5069ir358.ocx
c:\windows\z53s5ea9594.cpl
c:\windows\z5653spamb9t9f.ocx
c:\windows\z5888t5oj549.bin
c:\windows\z5999vir9s2a8.exe
c:\windows\z704s9y5are67.exe
c:\windows\z85evi92959.bin
c:\windows\z90159orm9.exe
c:\windows\z9038h9cktool15d.bin
c:\windows\z9685py55b.exe
c:\windows\z995659y539.dll
c:\windows\z9d5threat4289.cpl
c:\windows\zd92spyware2115.bin
c:\windows\zdb3threa915858.exe
c:\windows\ze73threat52921.bin

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-01-15 to 2011-02-15 )))))))))))))))))
.

2011-02-15 17:40 . 2011-02-15 17:40 -------- d-----w- C:\AVGTemp
2011-02-15 10:27 . 2010-05-07 08:52 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2011-02-15 10:27 . 2010-05-06 15:35 829152 ----a-w- c:\windows\system32\drivers\Drt2870.sys
2011-02-14 22:27 . 2011-02-14 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-14 22:27 . 2011-02-14 22:27 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja\Application Data\SUPERAntiSpyware.com
2011-02-14 20:41 . 2008-04-14 07:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-14 20:41 . 2008-04-14 06:46 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-14 20:41 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-09 15:40 . 2011-02-09 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-09 15:38 . 2011-02-09 15:38 -------- d-----w- c:\program files\Kaspersky Security Scan
2011-02-09 15:38 . 2011-02-09 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-02-09 15:35 . 2011-02-12 01:41 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\Temp
2011-02-09 15:35 . 2011-02-09 15:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 16:09 . 2010-08-15 12:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 16:08 . 2010-08-15 12:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 15:38 . 2010-11-29 15:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 15:38 . 2010-11-29 15:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------


[-] 2009-05-31 . 2399A41D8B1798D49DAA21310CF3A4E9 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\System32\wscntfy.exe ... puuttuu !!
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Philips SA011 Device Manager.lnk - c:\program files\Philips\GoGear SA011 Device Manager\main.exe [2010-12-9 119296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-08 16:23 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2009 18:32 721904]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 10:55 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 18:00 25240]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\JRJEST~1\LOCALS~1\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS --> c:\docume~1\JRJEST~1\LOCALS~1\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\JRJEST~1\LOCALS~1\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS --> c:\docume~1\JRJEST~1\LOCALS~1\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [?]
S2 gupdate;Google-päivityspalvelu (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.2.2011 17:35 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 15:19 1181328]
S4 SBO;SBO;c:\docume~1\JRJEST~1\LOCALS~1\Temp\SBO.exe --> c:\docume~1\JRJEST~1\LOCALS~1\Temp\SBO.exe [?]
.
'Ajoitetut tehtävät'-kansion sisältö

2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-09 15:35]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-09 15:35]

2011-02-10 c:\windows\Tasks\Norton Security Scan for Järjestelmänvalvoja.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 02:14]

2011-02-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Täydentävä tarkistus -------
.
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab
FF - ProfilePath - c:\documents and settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1814311&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.fi
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - POISTETUT JÄMÄRIVIT - - - -

Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-fivhqlce - c:\documents and settings\Järjestelmänvalvoja\Local Settings\Application Data\ixlhbhcum\livmyieshdw.exe
MSConfigStartUp-Gkacinewuno - c:\windows\psvrdr.dll
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 20:22
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161HJ rev.JF100-19 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88EF0EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88730872; SUB DWORD [EBP-0x4], 0x8873012e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D70AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006c[0x89E58030]
5 ACPI[0xB9E66620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D1B940]
[0x897CF8E8] -> IRP_MJ_CREATE -> 0x88EF0EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HD161HJ_________________________JF100-19#30533356394a5141303332303439202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x88EF0AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\S-1-5-21-1078081533-688789844-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,73,a1,24,da,82,50,4e,86,f2,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,73,a1,24,da,82,50,4e,86,f2,24,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"

[HKEY_LOCAL_MACHINE\software\Philips]
@DACL=(02 0000)
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Valmistumisajankohta: 2011-02-15 20:28:17 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2011-02-15 18:28

Ennen ajoa: 50 684 923 904 tavua vapaana
Ajon jälkeen: 50 667 782 144 tavua vapaana

WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - B142DE88DC90E6D45AD2747564A09CE7

___---___

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:08, on 15.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - Global Startup: Philips SA011 Device Manager.lnk = C:\Program Files\Philips\GoGear SA011 Device Manager\main.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7698 bytes

___---___

COMODO:

http://paste2.org/p/1248061

 

.
Aja tämä ja jatketaan huomenna =>

Lataa SystemLook by. jpshortstuff TÄÄLTÄ. ja tallenna se työpöydälle.

Maalaa Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti.

Koodi:

:filefind
wscntfy.exe
data.dat

:dir
C:\WINDOWS\system32\drivers\etc /s

Tupla-klikkaa SystemLook.exe käynnistääksesi sen.

Liitä kopioitu texti Ctrl + V ohjelman tekstialueeseen.

Klikkaa nappulaa Look aloittaaksesi skannauksen.

Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot
Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki"
Kopio ja liitä se seuraavaan viestiisi.
(Loki löytyy myös työpöydältäsi nimellä SystemLook.txt)

 

Heips!

Jotain nyt on kyl viel vikana koska aika moneen paikkaan ei tunnu olevan lupaa
Jopa msconfig ei enään hallunut aueta vaan sanoi että jokin osa puuttuu :/
Tässä on tämä SystemLook logi mutta eipä siinä mitään luettavaa ole.


SystemLook 04.09.10 by jpshortstuff
Log created at 21:37 on 15/02/2011 by Järjestelmänvalvoja
Administrator - Elevation successful

========== filefind ==========

Searching for "wscntfy.exe"
No files found.

Searching for "data.dat"
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ------- 1372 bytes [17:04 08/06/2009] [17:04 08/06/2009] 81C1668D1318BD2160C3891F9E6AFA0B
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data\data.dat --a---- 3130 bytes [13:26 08/06/2009] [07:41 30/11/2010] DBD690AAC20CE32DCD6F01EA5CDCBFEB

========== dir ==========

C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

---Files---
hosts --a---- 27 bytes [12:00 09/10/2001] [18:22 15/02/2011]
hosts.20100815-145859.backup --a---- 665 bytes [11:58 15/08/2010] [12:00 09/10/2001]
hosts.20110215-124111.backup -ra---- 416550 bytes [10:41 15/02/2011] [11:58 15/08/2010]
hosts.msn --a---- 665 bytes [04:27 14/06/2009] [12:00 09/10/2001]
lmhosts.sam --a---- 3705 bytes [12:00 09/10/2001] [12:00 09/10/2001]
networks --a---- 416 bytes [12:00 09/10/2001] [12:00 09/10/2001]
protocol --a---- 829 bytes [12:00 09/10/2001] [12:00 09/10/2001]
services --a---- 7151 bytes [12:00 09/10/2001] [12:00 09/10/2001]

No folders found.

-= EOF =-

 

.
Kyllä siellä on vielä.
Tämmöinen sun pitäisi imuroida jostain => wscntfy.exe

http://dllexedown.com/bbs/board.php?bo_table=03_xp32&wr_id=3558

filepath :
C:\WINDOWS\system32\wscntfy.exe
download : Down

Laita se tuonne => G:\WINDOWS\system32\

*************************************************************

Näitäkin taitaa olla =>

Ole hyvä ja lataa TDSSKiller.exe ja pura ohjelma työpöydällesi.

* Tuplaklikkaa TDSSKiller.exe Käynnistääksesi ohjelman.
* Paina Start Scan, aloittaaksesi scannauksen.
* Älä muuta näitä asetuksia:
* Jos saastunut tiedosto on havaittu,Oletus toiminto on Cure,sitten paina Continue.
* Jos epäilyttävä tiedosto on havaittu,Oletus toiminto on Skip, sitten paina Continue.
* Sinua saatetaan pyytää käynnistämään kone uudelleen saattaaksesi puhdistus loppuun, Paina Reboot now.
* Nähdäksesi tulos raportin :
* Paina Report nappia ja kopioi sekä Liitä sisältö seuraavaan vastaukseesi.

 

Haha et pystynyt pitämään näppejäs erossa. Sanoit että huomenna jatkuu
Joo eli tässä olis TDSSKiller logi.

Niin avustaisitko minkä palomuuri ja virustorjunta ohjelman asennan. Nyt ei ole virustorjuntaa ollenkaan kun AVG poistettu ainaostaan COMODO on pyörimässä.

___---___

2011/02/15 22:36:32.0843 2360 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 22:36:33.0234 2360 ================================================================================
2011/02/15 22:36:33.0234 2360 SystemInfo:
2011/02/15 22:36:33.0234 2360
2011/02/15 22:36:33.0234 2360 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/15 22:36:33.0234 2360 Product type: Workstation
2011/02/15 22:36:33.0234 2360 ComputerName: JULMAJUU
2011/02/15 22:36:33.0234 2360 UserName: Järjestelmänvalvoja
2011/02/15 22:36:33.0234 2360 Windows directory: C:\WINDOWS
2011/02/15 22:36:33.0234 2360 System windows directory: C:\WINDOWS
2011/02/15 22:36:33.0234 2360 Processor architecture: Intel x86
2011/02/15 22:36:33.0234 2360 Number of processors: 2
2011/02/15 22:36:33.0234 2360 Page size: 0x1000
2011/02/15 22:36:33.0234 2360 Boot type: Normal boot
2011/02/15 22:36:33.0234 2360 ================================================================================
2011/02/15 22:36:33.0656 2360 Initialize success
2011/02/15 22:36:39.0125 2456 ================================================================================
2011/02/15 22:36:39.0125 2456 Scan started
2011/02/15 22:36:39.0125 2456 Mode: Manual;
2011/02/15 22:36:39.0125 2456 ================================================================================
2011/02/15 22:36:39.0578 2456 ACPI (86eba3468d103fc807adcf6ae577f203) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 22:36:39.0609 2456 ACPIEC (9322a12c6362fd4ce1f6adca40edeced) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/15 22:36:39.0671 2456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/15 22:36:39.0703 2456 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/15 22:36:39.0781 2456 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
2011/02/15 22:36:39.0796 2456 AmdK8 (54da779918ae24577b40b3f777b726b7) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/15 22:36:39.0828 2456 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/02/15 22:36:39.0859 2456 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/15 22:36:39.0937 2456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/15 22:36:39.0953 2456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/15 22:36:40.0078 2456 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/15 22:36:40.0140 2456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/15 22:36:40.0156 2456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/15 22:36:40.0187 2456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/15 22:36:40.0234 2456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/15 22:36:40.0265 2456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/15 22:36:40.0296 2456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/15 22:36:40.0312 2456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/15 22:36:40.0375 2456 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/02/15 22:36:40.0406 2456 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/02/15 22:36:40.0500 2456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/15 22:36:40.0531 2456 dmboot (a94bf38d74a8b8cdc4609c5b5546c9a1) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/15 22:36:40.0562 2456 dmio (dc6e20600717b7be7709f6bbeb5f1e35) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/15 22:36:40.0578 2456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/15 22:36:40.0609 2456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/15 22:36:40.0656 2456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/15 22:36:40.0703 2456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 22:36:40.0734 2456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/15 22:36:40.0750 2456 Fips (fbafbfbacc14405393edbaa5ac3a41eb) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/15 22:36:40.0765 2456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/15 22:36:40.0796 2456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/15 22:36:40.0843 2456 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/02/15 22:36:40.0859 2456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/15 22:36:40.0890 2456 Ftdisk (30e0982506281508703c99115cee520c) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 22:36:40.0921 2456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/15 22:36:40.0953 2456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/15 22:36:40.0968 2456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/15 22:36:41.0015 2456 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/15 22:36:41.0078 2456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/15 22:36:41.0140 2456 i8042prt (328779b03d621cd6d0c13a2dde5477f5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/15 22:36:41.0156 2456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/15 22:36:41.0203 2456 Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/02/15 22:36:41.0328 2456 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/15 22:36:41.0421 2456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/15 22:36:41.0453 2456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/15 22:36:41.0468 2456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/15 22:36:41.0484 2456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/15 22:36:41.0515 2456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/15 22:36:41.0546 2456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/15 22:36:41.0593 2456 isapnp (48c2901a6a32e30fadf1d883b2969cf1) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/15 22:36:41.0625 2456 Kbdclass (2aa4d6f99f0b25c0c25def5ae25b4d31) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/15 22:36:41.0656 2456 kbdhid (094dc160044617960c58f7c08d6da5e3) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/15 22:36:41.0703 2456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/15 22:36:41.0734 2456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/15 22:36:41.0812 2456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/15 22:36:41.0828 2456 Modem (35837340d4c14a27988195dd67398c85) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/15 22:36:41.0843 2456 Mouclass (e9fc0706d6973c9777bdee2147ef87e8) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/15 22:36:41.0875 2456 mouhid (cecbfa0343e2a9c7cfef3b999e7ba52c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/15 22:36:41.0890 2456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/15 22:36:41.0937 2456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/15 22:36:41.0968 2456 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/15 22:36:42.0000 2456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/15 22:36:42.0031 2456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/15 22:36:42.0046 2456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/15 22:36:42.0062 2456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/15 22:36:42.0093 2456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/15 22:36:42.0109 2456 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/15 22:36:42.0125 2456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/15 22:36:42.0156 2456 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/15 22:36:42.0171 2456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/15 22:36:42.0187 2456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/15 22:36:42.0203 2456 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/15 22:36:42.0218 2456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/15 22:36:42.0250 2456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/15 22:36:42.0281 2456 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/15 22:36:42.0296 2456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/15 22:36:42.0328 2456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/15 22:36:42.0468 2456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/15 22:36:42.0515 2456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/15 22:36:42.0578 2456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/15 22:36:42.0640 2456 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/15 22:36:42.0687 2456 Parport (a28a0c29a02a5fa2f75fa229e70e64b7) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/15 22:36:42.0718 2456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/15 22:36:42.0765 2456 ParVdm (4eadd72430fffe9046353e9b5c733871) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/15 22:36:42.0781 2456 PCI (feb531dc1d3c5d1fe9ca7d144fc8cc22) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/15 22:36:42.0828 2456 PCIIde (468ecf7914201569c34d64bd54bf3eb1) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/15 22:36:42.0859 2456 Pcmcia (6c0558ae897715dd67a2cbca290306c3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/15 22:36:43.0031 2456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/15 22:36:43.0046 2456 Processor (4a1b365371ba3c24de657fb72ea08fb2) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/15 22:36:43.0078 2456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/15 22:36:43.0109 2456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/15 22:36:43.0125 2456 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/15 22:36:43.0234 2456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/15 22:36:43.0250 2456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/15 22:36:43.0265 2456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/15 22:36:43.0281 2456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/15 22:36:43.0328 2456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/15 22:36:43.0343 2456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/15 22:36:43.0390 2456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/15 22:36:43.0437 2456 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/15 22:36:43.0468 2456 redbook (91b5ec87d728940ff72fcd21e582cee9) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/15 22:36:43.0546 2456 rt2870 (861fda9771c4eb75f17aec4cd171c9b6) C:\WINDOWS\system32\DRIVERS\Drt2870.sys
2011/02/15 22:36:43.0593 2456 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/02/15 22:36:43.0703 2456 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/02/15 22:36:43.0750 2456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/15 22:36:43.0781 2456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/15 22:36:43.0812 2456 Serial (e6c01d131904fe42580c4f9d19c7d292) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/15 22:36:43.0828 2456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/15 22:36:43.0921 2456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/15 22:36:44.0031 2456 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/15 22:36:44.0031 2456 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/02/15 22:36:44.0031 2456 sptd - detected Locked file (1)
2011/02/15 22:36:44.0062 2456 sr (fed2cba52dea63891c1e22ec3c72ed47) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/15 22:36:44.0109 2456 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/15 22:36:44.0156 2456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/15 22:36:44.0187 2456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/15 22:36:44.0281 2456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/15 22:36:44.0343 2456 Tcpip (f910000143031ed2c0bf501c47f9c45e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 22:36:44.0343 2456 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: f910000143031ed2c0bf501c47f9c45e, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
2011/02/15 22:36:44.0343 2456 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/15 22:36:44.0375 2456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/15 22:36:44.0390 2456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/15 22:36:44.0437 2456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/15 22:36:44.0500 2456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/15 22:36:44.0562 2456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/15 22:36:44.0609 2456 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/15 22:36:44.0640 2456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/15 22:36:44.0671 2456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/15 22:36:44.0687 2456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/15 22:36:44.0703 2456 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/15 22:36:44.0765 2456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/15 22:36:44.0796 2456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/15 22:36:44.0812 2456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/15 22:36:44.0875 2456 VolSnap (ae449a0f2fde17a61390049d30849c8d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/15 22:36:44.0906 2456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/15 22:36:44.0953 2456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/15 22:36:45.0062 2456 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/15 22:36:45.0125 2456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/15 22:36:45.0156 2456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/15 22:36:45.0312 2456 ================================================================================
2011/02/15 22:36:45.0312 2456 Scan finished
2011/02/15 22:36:45.0312 2456 ================================================================================
2011/02/15 22:36:45.0312 2380 Detected object count: 2
2011/02/15 22:37:29.0453 2380 Locked file(sptd) - User select action: Skip
2011/02/15 22:37:29.0515 2380 Tcpip (f910000143031ed2c0bf501c47f9c45e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 22:37:29.0515 2380 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: f910000143031ed2c0bf501c47f9c45e, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
2011/02/15 22:37:29.0812 2380 Backup copy found, using it..
2011/02/15 22:37:29.0828 2380 C:\WINDOWS\system32\DRIVERS\tcpip.sys - will be cured after reboot
2011/02/15 22:37:29.0828 2380 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure
2011/02/15 22:37:34.0406 2332 Deinitialize success


EDIT:

Windows\PCHealth\HelpCtr\Binaries kansiosta ei löydy MSCONFIG.exeä eli sen takia se ei ainakaan käynnisty :/

EDIT 2:
Ei se MSCONFIG aukea kun tuo ComboFix poisti sen "c:\windows\system32\msconfig.exe "

 

.
En malttanut en !!!

Kyllä nuo sun virus ohjelmat oli ihan hyvät !!!
AVG ja COMODO

Poista vanha AVG kokonaan ja asenna tutka vaikka =>
(ohjeet sinulle ollenee turhan yksityiskohtaiset("SW" sanoi Lipponen)

1) Antivir PersonalEdition Classic - Ilmainen anti-virus Windowsille. Ilmainen tuki.
1.1Asennus ja käyttöohjeet edelliseen Antti-Viiri TÄÄLTÄ

-----------------------------------------------------------------

Täältä => MSConfig koneellesi =>
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9689F6E9-ADED-44B8-BBBB-BEAE1B4A4BC9

------------------------------------------------------------------------

Tämän job tiedoston voit käydä poistamassa =>
c:\windows\Tasks\Norton Security Scan for Järjestelmänvalvoja.job

------------------------------------------------------------------------

Korvaa tuokin terveellä => C:\WINDOWS\system32\sfcfiles.dll

http://www.dlldump.com/download-dll...es/S/sfcfiles.dll/5.1.2600.2180/download.html

-------------------------------------------------------------------------

Laita piilotiedostot näkyviin => OHJE

Klikkaa => TÄNNE

Paina yläreunassa selaa nappia.
Etsi koneeltasi ==>> C:\WINDOWS\system32\DRIVERS\tcpip.sys
Klikkaa tiedostoa ja paina Avaa nappia.
Painele sitten Upload nappia.
Scan nappia ja odottelet hetken.
Kun raportti on valmistunut sivun alareunassa painat
nappia Copy to clipboard
Avaa Muistio/Notebad ja kopioit leikepöydältä raportin sinne (Ctlr+V)
Lähetä sitten raportti tänne viesti ketjuusi.

Varmista vielä tcpip.sys => Ominaisuudet => versio (tiedostoversio)

Pitäisi olla =>
5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)

---------------------------------------------------------------

Lataa screen317:n Security Check TÄSTÄ tai TÄSTÄ.
* Tuplaklikkaa SecurityCheck.exe ja seuraa ikkunan ohjeita.
* Kun ohjelma on valmis, se avaa checkup.txt tiedoston.
* Lähetä sen sisältö seuraavassa viestissäsi.

----------------------------------------------------------------

Lähetäpä tietova =>
tcpip.sys ???
checkup.txt
Uusi HJT logi

 

Allright! Eli ongelmana vielä se että mikään ohjelma ohjauspaneelissa ei toimi.
Tuota msconfigia en voi asentaa kun ei löydy FI versiota ja ei tuota englanti versiota antanut asentaa :/
Muuten kone tuntuu about puhtaalta että käynnistyy ihan ok ja pyörii tasaiseen tahtiin.

Aviran pyöritin kans läpi niin laitan siitä kanssa login tähän.




Avira AntiVir Personal
Report file date: 16. helmikuuta 2011 17:14

Scanning for 2408978 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JULMAJUU

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14.1.2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.1.2011 12:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1.4.2010 10:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10.1.2011 12:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.2.2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 12:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9.2.2011 15:12:12
VBASE003.VDF : 7.11.3.1 2048 Bytes 9.2.2011 15:12:12
VBASE004.VDF : 7.11.3.2 2048 Bytes 9.2.2011 15:12:12
VBASE005.VDF : 7.11.3.3 2048 Bytes 9.2.2011 15:12:12
VBASE006.VDF : 7.11.3.4 2048 Bytes 9.2.2011 15:12:12
VBASE007.VDF : 7.11.3.5 2048 Bytes 9.2.2011 15:12:12
VBASE008.VDF : 7.11.3.6 2048 Bytes 9.2.2011 15:12:12
VBASE009.VDF : 7.11.3.7 2048 Bytes 9.2.2011 15:12:12
VBASE010.VDF : 7.11.3.8 2048 Bytes 9.2.2011 15:12:13
VBASE011.VDF : 7.11.3.9 2048 Bytes 9.2.2011 15:12:13
VBASE012.VDF : 7.11.3.10 2048 Bytes 9.2.2011 15:12:13
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.2.2011 15:12:13
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.2.2011 15:12:13
VBASE015.VDF : 7.11.3.98 2048 Bytes 16.2.2011 15:12:13
VBASE016.VDF : 7.11.3.99 2048 Bytes 16.2.2011 15:12:13
VBASE017.VDF : 7.11.3.100 2048 Bytes 16.2.2011 15:12:13
VBASE018.VDF : 7.11.3.101 2048 Bytes 16.2.2011 15:12:13
VBASE019.VDF : 7.11.3.102 2048 Bytes 16.2.2011 15:12:13
VBASE020.VDF : 7.11.3.103 2048 Bytes 16.2.2011 15:12:13
VBASE021.VDF : 7.11.3.104 2048 Bytes 16.2.2011 15:12:13
VBASE022.VDF : 7.11.3.105 2048 Bytes 16.2.2011 15:12:14
VBASE023.VDF : 7.11.3.106 2048 Bytes 16.2.2011 15:12:14
VBASE024.VDF : 7.11.3.107 2048 Bytes 16.2.2011 15:12:14
VBASE025.VDF : 7.11.3.108 2048 Bytes 16.2.2011 15:12:14
VBASE026.VDF : 7.11.3.109 2048 Bytes 16.2.2011 15:12:14
VBASE027.VDF : 7.11.3.110 2048 Bytes 16.2.2011 15:12:14
VBASE028.VDF : 7.11.3.111 2048 Bytes 16.2.2011 15:12:14
VBASE029.VDF : 7.11.3.112 2048 Bytes 16.2.2011 15:12:14
VBASE030.VDF : 7.11.3.113 2048 Bytes 16.2.2011 15:12:14
VBASE031.VDF : 7.11.3.117 23040 Bytes 16.2.2011 15:12:14
Engineversion : 8.2.4.166
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.1.2011 12:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 16.2.2011 15:12:17
AESCN.DLL : 8.1.7.2 127349 Bytes 10.1.2011 12:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10.1.2011 12:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10.1.2011 12:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 16.2.2011 15:12:17
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 16.2.2011 15:12:17
AEHEUR.DLL : 8.1.2.76 3273078 Bytes 16.2.2011 15:12:16
AEHELP.DLL : 8.1.16.1 246134 Bytes 16.2.2011 15:12:15
AEGEN.DLL : 8.1.5.2 397683 Bytes 16.2.2011 15:12:15
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.1.2011 12:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 16.2.2011 15:12:14
AEBB.DLL : 8.1.1.0 53618 Bytes 10.1.2011 12:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.1.2011 12:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.1.2011 12:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17.6.2010 12:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10.1.2011 12:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.1.2011 12:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.1.2011 12:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.1.2011 12:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.6.2010 12:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.1.2011 12:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17.6.2010 12:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.1.2010 11:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10.1.2011 12:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: 16. helmikuuta 2011 17:14

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp\Parameters\{84db5c01-7b63-4ad2-bad2-c9faaa68e601}
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'avguard.exe' - '57' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '36' Module(s) have been scanned
Scan process 'SeaPort.exe' - '46' Module(s) have been scanned
Scan process 'ccc.exe' - '179' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '28' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'MOM.exe' - '55' Module(s) have been scanned
Scan process 'ctfmon.exe' - '29' Module(s) have been scanned
Scan process 'cfp.exe' - '57' Module(s) have been scanned
Scan process 'Explorer.EXE' - '119' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'cmdagent.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '30' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1666' files ).


Starting the file scan:

Begin scan in 'C:\' <Windows>
C:\MicroGaming\Poker\unibetpokerMPP\install.exe
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-da.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-de.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-es.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-fi.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-fr.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-it.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-nl.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-no.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-ru.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res-sv.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Casino\Unibet\res.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Poker\unibetpokerMPP\install.exe
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Poker\unibetpokerMPP\local\en\common\commonres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Poker\unibetpokerMPP\local\fi\common\commonres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Poker\unibetpokerMPP\theme\unibetpoker\local\en\clientconfig\operatorres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\MicroGaming\Poker\unibetpokerMPP\theme\unibetpoker\local\fi\clientconfig\operatorres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
C:\System Volume Information\_restore{7C80F20F-EA6C-4699-B654-3A0E1D078355}\RP332\A0290731.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{7C80F20F-EA6C-4699-B654-3A0E1D078355}\RP346\A0294250.exe
[0] Archive type: NSIS
--> unknown7
[1] Archive type: CAB (Microsoft)
--> testtar.tar
[2] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
C:\WINDOWS\abidapesanukukub.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\exoxohayerid.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\ibepediwihe.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\oxikamos.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\ozavubomu.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\ugepupiyeciferab.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\upupiban.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
C:\WINDOWS\uzuluqotiwuvu.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
Begin scan in 'D:\' <Tiedostot>

Beginning disinfection:
C:\WINDOWS\uzuluqotiwuvu.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '49f95293.qua'.
C:\WINDOWS\upupiban.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '516e7eca.qua'.
C:\WINDOWS\ugepupiyeciferab.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '03212429.qua'.
C:\WINDOWS\ozavubomu.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '656a681e.qua'.
C:\WINDOWS\oxikamos.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '20964526.qua'.
C:\WINDOWS\ibepediwihe.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5f8974a9.qua'.
C:\WINDOWS\exoxohayerid.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '133b5b0d.qua'.
C:\WINDOWS\abidapesanukukub.dll
[DETECTION] Contains recognition pattern of the HTML/Fraud.DI HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '6f2d18b3.qua'.
C:\System Volume Information\_restore{7C80F20F-EA6C-4699-B654-3A0E1D078355}\RP332\A0290731.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '423e37a8.qua'.
C:\MicroGaming\Poker\unibetpokerMPP\theme\unibetpoker\local\fi\clientconfig\operatorres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '5b1b0c72.qua'.
C:\MicroGaming\Poker\unibetpokerMPP\theme\unibetpoker\local\en\clientconfig\operatorres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '37472042.qua'.
C:\MicroGaming\Poker\unibetpokerMPP\local\fi\common\commonres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '46f619d4.qua'.
C:\MicroGaming\Poker\unibetpokerMPP\local\en\common\commonres.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '48ec2913.qua'.
C:\MicroGaming\Casino\Unibet\res.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '0dc35058.qua'.
C:\MicroGaming\Casino\Unibet\res-sv.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '04c854f3.qua'.
C:\MicroGaming\Casino\Unibet\res-ru.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '5c894d9a.qua'.
C:\MicroGaming\Casino\Unibet\res-no.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '707d3456.qua'.
C:\MicroGaming\Casino\Unibet\res-nl.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '4e83548c.qua'.
C:\MicroGaming\Casino\Unibet\res-it.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '2d8d7fff.qua'.
C:\MicroGaming\Casino\Unibet\res-fr.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '0b453fe2.qua'.
C:\MicroGaming\Casino\Unibet\res-fi.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '39d14447.qua'.
C:\MicroGaming\Casino\Unibet\res-es.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '33946f39.qua'.
C:\MicroGaming\Casino\Unibet\res-de.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '0cc70b7c.qua'.
C:\MicroGaming\Casino\Unibet\res-da.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '72eb075b.qua'.
C:\MicroGaming\Poker\unibetpokerMPP\install.exe
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to the quarantine directory under the name '27930399.qua'.


End of the scan: 16. helmikuuta 2011 18:04
Used time: 48:45 Minute(s)

The scan has been done completely.

13191 Scanned directories
381797 Files were scanned
26 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
25 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
381771 Files not concerned
2017 Archives were scanned
3 Warnings
25 Notes
588817 Objects were scanned with rootkit scan
1 Hidden objects were found

___---___

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
SpywareBlaster 4.4
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player 10.2.152.26
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

___---___

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:17, on 16.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8008 bytes


EDIT: Se TCPIP oli ok. Kaikki skannit löi nollaa ja mätsäs tohon versio numeroon.

EDIT 2: Ohjauspaneeli toimii kyllä vikasietotilassa! Msconfig ei. Mutta jos vain tuon ohjauspaneelin saisi vielä toimimaan niin asiat saavat kelvata. Tuota msconfigia en nyt juuri mihinkään tarvi.

EDIT 3: Nyt kun kävi vikasietotilassa vähän säätmässä niin alko normi tilassakin toimimaan ohjauspaneeli! Msconfig ei toimi mutta sille ei nyt voida mitään. Pitäskö vielä jotain skanneja ajaa? Vai onko kone puhdas? Tai ainakin about

 

.
Torjuntaohjelmat vaikuttaisi olevan OK !!!

--------------------

Lataa tuolta FI =>

http://84.249.90.164:81/lataa/msconfig.exe

ja pudota C:\windows\system32\ kansioon sekä
C:\WINDOWS\pchealth\helpctr\binaries\
C:\WINDOWS\system32\dllcache\

--------------------------------------

Tämän voit fixata HJT:llä pois =>
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

------------------------------------------

Ohjauspaneelin asetukset Windows XP Professional versiossa
saattaisi löytyä ryhmäkäytännöstä.
Voi mennä hetki ennenkuin löydän sen sieltä "et ögon blik"

--------------------------------------------------------

Lataa työpöydälle => TÄMÄ
* Sulje kaikki päälläolevat ikkunat ja sovellukset.
* Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n.
* laita ruxit kuvanmukaan =>



* Klikkaa Run Scan nappulaa.
* Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, tai alapalkkiin OTListIt.Txt ja Extras.txt
* Kopioi ja lähetä tiedostojen sisältö tänne.

 

.
Lataa työpöydälle ja aja =>

http://84.249.90.164:81/lataa/ControllPanelXP.reg

Kerro kuulumiset ja jatketaan huomenna

PS.
Ei pöpöjä enään.

 

OTL logfile created on: 16.2.2011 21:19:25 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 42,01 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive D: | 51,39 Gb Total Space | 51,18 Gb Free Space | 99,59% Space Free | Partition Type: NTFS

Computer Name: JULMAJUU | User Name: Järjestelmänvalvoja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.16 21:18:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\OTL.exe
PRC - [2011.01.17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011.01.17 23:30:16 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011.01.10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.02.16 21:18:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\OTL.exe
MOD - [2010.12.29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010.08.23 18:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [Disabled | Stopped] -- -- (SBO)
SRV - [2011.01.17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.01.10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (NTIOLib_1_0_4)
DRV - [2011.02.15 23:40:01 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.01.18 20:12:32 | 006,315,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.01.10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011.01.06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011.01.06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.07.06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.05.06 17:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.08.05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.03.15 12:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.04.13 08:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Microsoft UAA -väyläohjain (High Definition Audio)
DRV - [2007.10.12 08:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.04.16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.07.01 22:37:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
IE - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 5D FC 72 53 CD CB 01 [binary data]
IE - HKU\S-1-5-21-1078081533-688789844-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "P2P Max Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1814311&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.fi"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.15 23:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.15 23:51:53 | 000,000,000 | ---D | M]

[2009.07.01 15:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Extensions
[2011.02.16 19:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\extensions
[2011.02.16 17:00:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.16 00:06:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.15 13:29:32 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\searchplugins\ask.xml
[2009.07.16 13:04:02 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\searchplugins\conduit.xml
[2010.08.15 13:29:40 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\k66fiiwa.default\searchplugins\winamp-search.xml
[2011.02.16 19:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.16 19:23:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JäRJESTELMäNVALVOJA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K66FIIWA.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JäRJESTELMäNVALVOJA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K66FIIWA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
[2011.02.16 19:23:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.02.16 19:23:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011.02.16 18:20:18 | 000,429,281 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14803 more lines...
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1078081533-688789844-682003330-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-688789844-682003330-500\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-688789844-682003330-500\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-688789844-682003330-500\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} http://fika-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/_2_1_2/ActiveX/IfolorUploader_fika.cab (IfolorUploader Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.241.198.245 62.241.198.246
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.08 12:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.16 21:18:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\OTL.exe
[2011.02.16 21:16:49 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011.02.16 21:16:23 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconfig.exe
[2011.02.16 20:59:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Recent
[2011.02.16 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Files
[2011.02.16 20:44:22 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011.02.16 20:44:21 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011.02.16 20:44:21 | 000,055,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2011.02.16 20:44:18 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011.02.16 20:44:15 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011.02.16 20:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Foxit Software
[2011.02.16 20:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011.02.16 20:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Catalyst Control Center
[2011.02.16 20:33:02 | 002,673,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011.02.16 20:33:02 | 002,673,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011.02.16 20:33:02 | 000,847,872 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011.02.16 20:33:02 | 000,847,872 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011.02.16 20:33:02 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2011.02.16 20:33:02 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2011.02.16 20:33:01 | 017,252,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2011.02.16 20:33:01 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011.02.16 20:33:01 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011.02.16 20:33:01 | 004,029,824 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011.02.16 20:33:01 | 004,029,824 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011.02.16 20:33:01 | 001,112,576 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011.02.16 20:33:01 | 000,651,264 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2011.02.16 20:33:01 | 000,483,328 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2011.02.16 20:33:01 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2011.02.16 20:33:01 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011.02.16 20:33:01 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011.02.16 20:33:01 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2011.02.16 20:33:01 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2011.02.16 20:33:01 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2011.02.16 20:33:01 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2011.02.16 20:33:01 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2011.02.16 20:33:01 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2011.02.16 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.02.16 20:29:58 | 000,000,000 | ---D | C] -- C:\ATI
[2011.02.16 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.02.16 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2011.02.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\oZone3D
[2011.02.16 19:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.02.16 19:23:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.02.16 19:23:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.02.16 19:23:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.02.16 19:23:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.02.16 18:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\COMODO
[2011.02.16 18:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011.02.16 18:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011.02.16 18:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.02.16 17:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Avira
[2011.02.16 17:10:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.02.16 17:10:27 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.02.16 17:10:27 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.02.16 17:10:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.02.16 17:10:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.02.16 17:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.02.16 17:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.02.16 16:54:19 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2011.02.16 16:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\Downloads
[2011.02.16 00:04:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.02.15 23:56:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\OpenOffice.org 3.3
[2011.02.15 23:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.02.15 23:51:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.02.15 23:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\iTunes
[2011.02.15 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.02.15 23:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.02.15 23:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.02.15 23:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\DivX Plus
[2011.02.15 23:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011.02.15 23:32:15 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011.02.15 23:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.02.15 23:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011.02.15 23:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011.02.15 23:03:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011.02.15 22:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Philips Digital Audio Player
[2011.02.15 22:58:39 | 000,016,384 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\AdfuUd.sys
[2011.02.15 22:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\InstallShield
[2011.02.15 19:54:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.02.15 19:50:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.02.15 19:50:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.02.15 19:50:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.02.15 19:50:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.02.15 19:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.02.15 12:49:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.15 12:27:23 | 000,829,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Drt2870.sys
[2011.02.15 12:27:23 | 000,238,944 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011.02.15 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011.02.15 00:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\SUPERAntiSpyware.com
[2011.02.09 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011.02.09 17:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\WinZip
[2011.02.09 17:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011.02.09 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011.02.09 17:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Google Chrome
[2011.02.09 17:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\Temp
[2011.02.09 17:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2011.02.16 21:18:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\OTL.exe
[2011.02.16 21:15:59 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msconfig.exe
[2011.02.16 21:15:59 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011.02.16 21:08:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.16 21:08:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.02.16 21:07:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.16 20:00:11 | 000,676,224 | ---- | M] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2011.02.16 19:45:57 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer\Quick Launch\Käynnistä Microsoft Outlook.lnk
[2011.02.16 19:23:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.02.16 19:23:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.02.16 19:23:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.02.16 19:23:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.02.16 19:23:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.02.16 18:20:18 | 000,429,281 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.02.16 16:54:20 | 001,580,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2011.02.16 00:17:23 | 001,037,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.16 00:05:22 | 000,042,166 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\cc_20110216_000516.reg
[2011.02.15 23:59:20 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Pidgin.lnk
[2011.02.15 23:51:16 | 000,481,450 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.15 23:51:16 | 000,455,946 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2011.02.15 23:51:16 | 000,095,378 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2011.02.15 23:51:16 | 000,079,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.15 23:50:06 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\iTunes.lnk
[2011.02.15 23:44:04 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.02.15 23:44:04 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Mozilla Firefox.lnk
[2011.02.15 23:40:01 | 000,431,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2011.02.15 23:37:08 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2011.02.15 20:22:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110216-182018.backup
[2011.02.15 19:54:42 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011.02.14 15:41:26 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011.02.09 17:36:37 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011.01.27 01:05:56 | 017,252,352 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2011.01.27 01:01:00 | 000,057,344 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011.01.27 01:00:54 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011.01.27 00:59:36 | 004,636,672 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011.01.27 00:52:46 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2011.01.27 00:51:42 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011.01.27 00:51:42 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011.01.27 00:42:00 | 004,029,824 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011.01.27 00:42:00 | 004,029,824 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011.01.27 00:41:32 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2011.01.27 00:35:04 | 001,112,576 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011.01.27 00:32:12 | 000,212,992 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2011.01.27 00:31:58 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2011.01.27 00:31:50 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2011.01.27 00:31:42 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2011.01.27 00:31:28 | 000,188,416 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2011.01.27 00:28:44 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2011.01.27 00:27:54 | 000,145,280 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.01.27 00:27:50 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011.01.27 00:27:06 | 002,673,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011.01.27 00:27:06 | 002,673,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011.01.27 00:26:44 | 000,578,048 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011.01.27 00:26:36 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.01.27 00:26:36 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.01.27 00:23:50 | 000,651,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2011.01.27 00:21:32 | 000,196,608 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2011.01.27 00:21:30 | 000,483,328 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2011.01.27 00:21:08 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2011.01.27 00:15:12 | 000,847,872 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011.01.27 00:15:12 | 000,847,872 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011.01.27 00:12:58 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2011.01.27 00:12:58 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2011.01.27 00:12:24 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2011.01.26 00:42:00 | 000,030,707 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2011.01.21 16:44:12 | 008,466,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011.01.21 16:44:12 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011.01.18 20:12:32 | 006,315,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys

========== Files Created - No Company Name ==========

[2011.02.16 20:33:02 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.16 20:33:01 | 000,578,048 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011.02.16 20:33:01 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.16 20:33:01 | 000,030,707 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2011.02.16 20:33:01 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.16 00:05:21 | 000,042,166 | ---- | C] () -- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\cc_20110216_000516.reg
[2011.02.15 23:59:20 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Pidgin.lnk
[2011.02.15 23:50:06 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\iTunes.lnk
[2011.02.15 23:44:04 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.02.15 23:44:04 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Mozilla Firefox.lnk
[2011.02.15 23:37:08 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2011.02.15 23:32:15 | 000,145,280 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.02.15 22:58:39 | 000,004,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\AdfuUpdate.inf
[2011.02.15 19:54:41 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011.02.15 19:54:38 | 000,260,352 | RHS- | C] () -- C:\cmldr
[2011.02.15 19:50:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.02.15 19:50:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.02.15 19:50:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.02.15 19:50:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.02.15 19:50:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.15 12:27:23 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011.02.09 17:36:37 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.08.15 14:19:39 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.11.30 17:16:13 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2009.06.08 19:04:06 | 000,000,413 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.08 18:39:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.06.08 18:32:16 | 000,431,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.08 18:23:00 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.08 18:23:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.08 16:26:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.08 16:03:09 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\fusioncache.dat
[2009.06.08 15:27:23 | 000,004,381 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.08 15:20:51 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008.02.01 07:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys

========== LOP Check ==========

[2009.06.08 20:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.08.26 19:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011.02.15 23:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.02.16 21:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ifolor
[2010.07.05 17:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010.07.05 17:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2011.02.16 00:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.02.09 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010.12.21 13:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.02.16 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\.purple
[2009.06.08 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\ACD Systems
[2011.02.16 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Azureus
[2009.06.08 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\DAEMON Tools Lite
[2009.06.08 16:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Foxit
[2011.02.16 20:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Foxit Software
[2009.06.08 19:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\fretsonfire
[2010.07.05 19:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\gtk-2.0
[2009.08.10 09:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\ifolor
[2009.08.26 17:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\LimeWire
[2010.07.23 17:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microgaming
[2009.06.08 18:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\OpenOffice.org
[2010.10.14 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\TypingMasterIntra
[2011.02.16 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\uTorrent
[2011.02.16 21:08:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

___---___

OTL Extras logfile created on: 16.2.2011 21:19:25 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 42,01 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive D: | 51,39 Gb Total Space | 51,18 Gb Free Space | 99,59% Space Free | Partition Type: NTFS

Computer Name: JULMAJUU | User Name: Järjestelmänvalvoja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*isabled:Windowsin etähallinta
"80:TCP" = 80:TCP:*isabled:Windowsin etähallinta – yhteensopivuustila (saapuva HTTP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\B2BPOKER\Pokerihuone\jre\bin\javaw.exe" = C:\Program Files\B2BPOKER\Pokerihuone\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Liven lataustyökalu
"{2186E240-93C1-4D00-AAB2-E46A4D3DCE64}" = Windows Liven valokuvavalikoima
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32DC3E9F-76CC-4867-83F1-4D039B247F91}" = Windows Live Writer
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C1007F9-8AC4-4053-ACCA-A162D62888CE}" = Windows Liven sähköposti
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4538A1AF-6894-4F10-ABDA-6CB9E6ACF8B6}" = Microsoft .NET Framework 1.1 Finnish Language Pack
"{4898E382-6F35-4191-B3A4-F0AF384BE214}" = GoGear SA011 Device Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CC0050F-83DB-4240-ABCC-1CBE935A9234}" = GoGear SA011 Device Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6707309D-7FBC-43C9-926F-A66C69054768}" = OpenOffice.org 3.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751F4FE0-F69B-455F-A4F9-2BCD109CE7FB}" = Windows Live -perheturva
"{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780262B9-4578-3727-97D3-62DE7B9F5F82}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACF42DD-C998-ED3C-1446-93AFA65E823D}" = ATI Catalyst Install Manager
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9028040B-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional ja FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998152E5-B605-4BBB-9853-E749AEE02B21}" = Windows Liven kirjautumisavustaja
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5C9072-939F-4249-A7E4-A197BA3A5746}" = Windows Live Sync
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5E9A73E-8FC0-387D-9CCE-8BAA6B042872}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FIN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4C0345-2E31-4D99-B4E6-7351975E06F6}" = Windows Liven asennustyökalu
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE31246F-EE1E-4CDA-B06B-661B4F0B7F1D}" = netanttila.com/download
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E11274EB-B35F-4A35-BC5B-98823FFE7519}" = Windows Live Messenger
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{EDBD7706-300C-43BE-9DDC-3B1C2DF4244C}" = Windows Live Toolbar
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC97690A-90AD-3A67-BE73-50886A93CFF5}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FIN
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FEA3BE8A-67DB-4834-A2A8-D25A9D7F426D}" = Windows Live Call
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3653D937631B8E5281810AC4F31D44CA33FBFAA" = Windowsin ohjainpaketti - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Betsson" = Betsson (remove only)
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"FBL Gameplay Demo_is1" = FBL Gameplay Demo build 100126.2882)
"FBL Training session demo_is1" = FBL Training session demo (build 100126.2882)
"ffdshow_is1" = ffdshow [rev 2986] [2009-06-07]
"filehippo.com" = FileHippo.com Update Checker
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (vain poisto)
"Hattrick Coach Professional" = Hattrick Coach Professional 2.9.80
"Hattrick Control_is1" = Hattrick Control 2.30
"Hattrick Forever_is1" = Hattrick Forever 4.4.0.88
"HattrickManager" = Hattrick Manager
"Hattrick's Helping Hand_is1" = Hattrick's Helping Hand v1.7.9
"ie8" = Windows Internet Explorer 8
"ifolor-OrderClient" = ifolor Tilausohjelma 3.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"RealAlt_is1" = Real Alternative 1.9.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"unibetpoker (Poker)" = Unibet
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Liven asennustyökalu
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 0.9.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-688789844-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.2.2011 11:15:50 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: The connection with the server was terminated
abnormally

Error - 15.2.2011 11:15:50 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 15.2.2011 11:55:01 | Computer Name = JULMAJUU | Source = Application Hang | ID = 1002
Description = Lukkiutunut sovellus HijackThis.exe, versio 2.0.0.4, lukkiutumismoduuli
hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Error - 15.2.2011 13:16:56 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: The connection with the server was terminated
abnormally

Error - 15.2.2011 13:16:56 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 15.2.2011 13:16:58 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: The connection with the server was terminated
abnormally

Error - 15.2.2011 13:16:58 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

Error - 15.2.2011 13:55:56 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: The server name or address could not be
resolved

Error - 15.2.2011 13:59:18 | Computer Name = JULMAJUU | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: The server name or address could not be
resolved

Error - 15.2.2011 15:14:00 | Computer Name = JULMAJUU | Source = PerfNet | ID = 2004
Description = Palvelinpalvelua ei voi avata. Palvelimen resurssitietoja ei palauteta.
Palautettu virhekoodi on ensimmäisessä DWORD-tavussa.

[ System Events ]
Error - 16.2.2011 14:47:21 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua helpsvc ei voi käynnistää. Virhekoodi on %%2

Error - 16.2.2011 14:47:21 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua wscsvc ei voi käynnistää. Virhekoodi on %%1083

Error - 16.2.2011 14:47:21 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7026
Description = Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
SASDIFSV SASKUTIL

Error - 16.2.2011 14:49:09 | Computer Name = JULMAJUU | Source = Windows Update Agent | ID = 20
Description = Asennus epäonnistui: Windows ei voinut asentaa seuraavaa päivitystä
ja palautti virheen 0x80070643: Microsoft .NET Framework 3.0: x86-kielipaketti
(KB928416).

Error - 16.2.2011 15:04:30 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua helpsvc ei voi käynnistää. Virhekoodi on %%2

Error - 16.2.2011 15:04:30 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua wscsvc ei voi käynnistää. Virhekoodi on %%1083

Error - 16.2.2011 15:04:30 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7026
Description = Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
SASDIFSV SASKUTIL

Error - 16.2.2011 15:09:18 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua helpsvc ei voi käynnistää. Virhekoodi on %%2

Error - 16.2.2011 15:09:18 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7000
Description = Palvelua wscsvc ei voi käynnistää. Virhekoodi on %%1083

Error - 16.2.2011 15:09:18 | Computer Name = JULMAJUU | Source = Service Control Manager | ID = 7026
Description = Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
SASDIFSV SASKUTIL


< End of report >

 

.
Missä mennään ???

 

Mennään siinä että jos sulla on PayPal tili niin voin lähettää pinen kiitoksen kaikesta vaivasta!

Kiitos!

Nyt toivotaan että se pysyy puhtaana

Make

 

.
Kiitokset riittää hyvin !!!

Tämä vapaaehtoisuus on parasta voi itse
valita meneekö nukkumaan vai ei HI

************************************************************************

Kirjoita windowsin käynnistävalikon suorita-kenttään Combofix /uninstall paina OK

********************************************************

Lopuksi poistamme kaikki käytetyt työkalut roskineen.

* TuplaklikkaaOTL.exe.
* Klikkaa CleanUp!.
* Valitse Yes kun kysytään "Begin cleanup Process?".
* Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
* OTL.exe poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

***********************************************************

Tässä pieni ohje, kuinka pienennetään koneen saastumisriskiä
Laatinut www.virustorjunta.net

-> Tyhjennä järjestelmänpalautus -> Ohjeet Windows ME - XP
Ohjeet Windows Vista
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti. Ohjelman saa suomenkieliseksi.

-> Käytä Malwarebytes' Anti-Malwarea -> Malwarebytes' Anti-Malware
Lataa ja asenna Malwarebytes' Anti-Malware. Päivitä se ja skannaa konettasi sillä säännöllisesti. Ohjelman saa suomenkieliseksi.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti. Tai laita päivitys automaattiseksi.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.

-> Nopeuta tietokonettasi -> Nopeuta tietokonetta -opas
Tietokoneen hidastuminen voi johtua monesta asiasta, mutta yleisesti Keskusmuistin määrästä, Automaattisesti käynnistyvien ohjelmien määrästä, liiallisesta suojauksesta, ylimääräisten tiedostojen poistamattomuudesta taikka levyn pirtoutuneisuudesta. Nekon ohjeista löytyvät helpot ohjeet koneesi kuntoutukseen.

Pysy puhtaana

 

Joo homma hanskassa
Nyt vaan tuli muuta ongelmaa mutta se onkin tähän ketjuun vähän offtopic

KIITOS!