
Internet acting up and NT Kernel & System.

Thread in the Viruses and malware - HijackThis logs section. Started by pietila on 30.06.2008.

  1. pietila

    The internet has started working slowly in the browser; otherwise it works.
    E.g. Messenger and torrents work fine.
    But with some pages, if I try to open them, they won't load or load only halfway. It complains that the server is responding too slowly to requests.

    The other thing is System NT Kernel & System, which at times takes almost all of the CPU's power, at which point everything else stutters, music etc.

    So does the log show anything that shouldn't be there?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:01:23, on 30.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\ATITool\ATITool.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: ATITool.lnk = C:\Program Files (x86)\ATITool\ATITool.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgwlx64 - C:\Windows\
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - E:\VMware Worsktation\vmware-ufad.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\Windows\system32\vmnetdhcp.exe (file missing)
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9705 bytes
     
  3. kalminen

    *************************************
    In Vista, perform these steps as Administrator
    (check, don't assume)
    -------------------------
    Boot into Safe Mode:
    Start the computer and then keep tapping the F8 key.
    On the Advanced Boot Options or Safe mode screen, select Safe Mode
    and then press ENTER.
    ----------------------------
    Go to > Control Panel > Folder Options > View
    [IMG]

    Delete the file:
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jucheck.exe
    Be careful with the file name.
    ********************

    When you start the HijackThis (HJT) program, do it with the right mouse button
    and choose Run as administrator.
    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis (HJT), run Scan, tick the following entries listed in red and remove them (Fix checked).

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O13 - Gopher Prefix:
    O20 - Winlogon Notify: avgwlx64 - C:\Windows\

    ----------------------------------
    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    * Post the contents of the log in your next message + a new HJT log.
    .
     
  4. pietila

    Right, that took nearly four hours or so, and it did find something.

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:28:14, on 1.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ATITool\ATITool.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: ATITool.lnk = C:\Program Files (x86)\ATITool\ATITool.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - E:\VMware Worsktation\vmware-ufad.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\Windows\system32\vmnetdhcp.exe (file missing)
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8273 bytes






    Malwarebytes' Anti-Malware 1.19
    Database version: 910
    Windows 6.0.6001 Service Pack 1

    18:25:42 1.7.2008
    mbam-log-7-1-2008 (18-25-42).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|S:\|T:\|V:\|W:\|X:\|Y:\|Z:\|)
    Objects scanned: 420569
    Time elapsed: 3 hour(s), 48 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    F:\Mp3\Musa4\Xilisoft.3GP.Video.Converter.v2.1.15.1201.WinALL.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{51D51C3C-7D98-450A-B9A2-17A356E75842}\RP783\A0486464.exe (Spyware.Delf) -> Quarantined and deleted successfully.
    H:\HD\HD Leffat\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.3516.Multilingual.Keymaker.Only-CORE\cr-aaay5\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\Testi paskaa\BS.Player.Pro.v2.22.952.Multilingual.Incl.Keymaker-CORE\cr-aaab0\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\Testi paskaa\BS.Player.Pro.v2.24.954.Multilingual.Incl.Keymaker-CORE\cr-aaakb\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\Testi paskaa\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.3304.Multilingual.Incl.Keymaker-CORE\cr-aaakp\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    Y:\Softa\softaa\softaa\Photoshop 8\Adobe Photoshop 8.0 CS - keygen.exe (Spyware.Delf) -> Quarantined and deleted successfully.
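
An added example (not part of the original posts, and not a HijackThis feature): a small Python check that parses HijackThis entry lines and compares a before-log, an after-log and the helper's fix list, confirming that every entry marked for fixing is gone and surfacing entries that disappeared without being on the list. The function names are assumptions, and the sample logs are trimmed excerpts built from lines quoted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section_code, details) entries found in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def _fmt(entries):
    return [f"{code} - {details}" for code, details in sorted(entries)]


def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    fix = parse_entries(fix_list)
    return {
        # Fix-list entries that survived: the fix failed or something restored them.
        "still_present": _fmt(fix & after),
        # Fix-list entries never seen in the first scan: likely a copy/paste slip.
        "not_in_before": _fmt(fix - before),
        # Entries that vanished although nobody asked for them to be removed.
        "removed_unrequested": _fmt((before - after) - fix),
        # Entries that appeared between the scans.
        "new_entries": _fmt(after - before),
    }


# Constructed sample: a trimmed subset of the 30.6.2008 log in this thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlx64 - C:\Windows\
"""

# Constructed sample: the same subset as it appears in the 1.7.2008 log.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
"""

# Constructed sample: five of the entries the helper asked to be fixed.
FIX_LIST = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlx64 - C:\Windows\
"""

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
```

Entries reported under `removed_unrequested` (here the `UserInit` and `AVG8_TRAY` lines) are the ones worth a second look, since a security product's autostart entry disappearing between scans is something to confirm rather than assume.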

     
  5. kalminen

    To be safe, turn on the Windows firewall from Control Panel => Security Center.

    Reinstall AVG.

    From the Programs and Features menu, remove these for the time being.
    RocketDock
    YahooWidgets


    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in Control Panel.
    (Windows Vista: Start -> [type in the search box] Programs and Features and Enter)

    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following image next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link.

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 6

    Press Download

    Set Platform to Windows

    Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue

    Under Windows Offline Installation, press jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer being slow after lowering the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are checked:

    * Applications and Applets

    * Trace and Log Files



    And press the OK button
    Note: This deletes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates automatically

    Choose Never check

    11. Click Apply and OK to leave your Java settings window.

    --------------------------------------------------------------

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program, and follow the instructions.
    * When the scan is complete, 2 text files should open, Main.txt and extra.txt
    * Copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.
    .
     
  6. pietila

    It's starting to look a bit like it no longer does it, but I still need to test some more. Thanks that someone bothers to take the trouble. =)


    Here

    Main.txt



    Deckard's System Scanner v20071014.68
    Run by Bietro on 2008-07-01 20:51:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 2 Restore Point(s) --
    2: 2008-07-01 17:43:51 UTC - RP221 - Installed Java(TM) 6 Update 6
    1: 2008-07-01 17:41:59 UTC - RP220 - Removed Java(TM) SE Runtime Environment 6 Update 6


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Bietro.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:53:05, on 1.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ATITool\ATITool.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Users\Bietro\Downloads\dss.exe
    C:\Windows\SysWOW64\conime.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Bietro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
    O4 - Global Startup: ATITool.lnk = C:\Program Files (x86)\ATITool\ATITool.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - E:\VMware Worsktation\vmware-ufad.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\Windows\system32\vmnetdhcp.exe (file missing)
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8032 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~2\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080701-140932-133 O20 - Winlogon Notify: avgwlx64 - C:\Windows\
    backup-20080701-140932-175 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    backup-20080701-140932-265 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    backup-20080701-140932-361 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    backup-20080701-140932-464 O13 - Gopher Prefix:
    backup-20080701-140932-937 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    backup-20080701-140932-966 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080701-140932-998 O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
    R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
    R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
    R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
    R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
    R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
    R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
    R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
    R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
    R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
    R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
    R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
    R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
    R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
    R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
    R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
    R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
    R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
    R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
    R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
    R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
    R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
    R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
    R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
    R1 AvgLdx64 (AVG AVI Loader Driver x64) - c:\windows\system32\drivers\avgldx64.sys (file missing)
    R1 AvgMfx64 (AVG On-access Scanner Minifilter Driver x64) - c:\windows\system32\drivers\avgmfx64.sys (file missing)
    R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
    R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
    R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
    R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
    R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
    R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
    R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
    R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
    R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
    R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
    R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
    R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
    R1 Null - c:\windows\system32\drivers\null.sys (file missing)
    R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
    R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
    R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
    R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
    R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
    R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
    R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
    R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
    R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
    R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
    R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
    R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
    R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
    R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
    R2 RMCAST (RMCAST (Pgm) Protocol Driver) - c:\windows\system32\drivers\rmcast.sys (file missing)
    R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
    R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
    R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
    R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys (file missing)
    R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys (file missing)
    R3 AtcL001 (NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller) - c:\windows\system32\drivers\l160x64.sys (file missing)
    R3 atikmdag - c:\windows\system32\drivers\atikmdag.sys (file missing)
    R3 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool64.sys (file missing)
    R3 AvgWfpA (AVG8 Firewall Driver x64) - c:\windows\system32\drivers\avgwfpa.sys (file missing)
    R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
    R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
    R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
    R3 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
    R3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
    R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
    R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
    R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
    R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
    R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
    R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
    R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
    R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
    R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
    R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
    R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
    R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
    R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
    R3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
    R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
    R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
    R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
    R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
    R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
    R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
    R3 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys (file missing)
    R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
    R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
    R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
    R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
    R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
    R3 RTL8023x64 (Realtek 10/100 NIC Family NDIS x64 Driver) - c:\windows\system32\drivers\rtnic64.sys (file missing)
    R3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
    R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
    R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
    R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
    R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
    R3 ttBudget2_NTAMD64 (TechnoTrend BDA/DVB (BDA)) - c:\windows\system32\drivers\ttbudget2_amd64.sys (file missing)
    R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
    R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
    R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
    R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
    R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
    R3 usbhub (Microsoft USB Standard Hub Driver) - c:\windows\system32\drivers\usbhub.sys (file missing)
    R3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
    R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
    R3 vmkbd (VMware kbd) - c:\windows\system32\drivers\vmkbd.sys (file missing)
    R3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
    R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

    S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
    S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
    S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
    S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
    S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys (file missing)
    S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys (file missing)
    S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
    S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
    S3 e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - c:\windows\system32\drivers\e1e6032e.sys (file missing)
    S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
    S3 ENTECH64 - \??\c:\windows\system32\drivers\entech64.sys
    S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
    S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
    S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
    S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
    S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
    S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
    S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
    S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
    S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
    S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
    S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
    S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
    S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
    S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
    S3 nmwcdcx64 (Nokia USB Generic) - c:\windows\system32\drivers\ccdcmbox64.sys (file missing)
    S3 nmwcdx64 (Nokia USB Phone Parent) - c:\windows\system32\drivers\ccdcmbx64.sys (file missing)
    S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
    S3 pccsmcfd (PCCS Mode Change Filter Driver) - c:\windows\system32\drivers\pccsmcfdx64.sys (file missing)
    S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
    S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
    S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
    S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
    S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
    S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
    S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
    S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
    S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
    S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
    S3 upperdev - c:\windows\system32\drivers\usbser_lowerfltx64.sys (file missing)
    S3 usbser (Nokia USB Serial Port) - c:\windows\system32\drivers\usbser.sys (file missing)
    S3 UsbserFilt - c:\windows\system32\drivers\usbser_lowerfltx64j.sys (file missing)
    S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
    S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
    S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
    S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
    S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
    S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
    S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
    S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
    S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
    S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
    S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
    S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
    S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
    S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
    S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
    S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
    S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
    S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
    S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
    S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
    S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
    S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
    S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
    S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
    S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
    S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
    S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
    S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
    S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
    S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
    S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
    S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
    S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
    S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
    S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
    S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
    S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
    S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
    S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
    S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
    S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
    S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
    S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
    S4 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
    S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
    S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
    S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
    S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
    S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
    S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
    S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
    S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
    S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
    S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
    S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
    S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
    S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
    S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
    S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
    S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
    S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
    S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
    S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
    S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
    S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
    S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
    S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
    S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
    S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)
    S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Ati External Event Utility - c:\windows\system32\ati2evxx.exe (file missing)
    R2 Nero BackItUp Scheduler 3 - c:\program files (x86)\nero\nero8\nero backitup\nbservice.exe
    R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
    R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
    R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
    R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
    R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)

    S2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe (file missing)
    S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
    S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
    S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
    S3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
    S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
    S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
    S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
    S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
    S3 ServiceLayer - "c:\program files (x86)\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
    S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice
    S3 ufad-ws60 (VMware Agent Service) - "e:\vmware worsktation\vmware-ufad.exe" -d "e:\vmware worsktation\\" -s ufad-p2v.xml (file missing)
    S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
    S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
    S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
    S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standardi PS/2-näppäimistö
    Device ID: ACPI\PNP0303\4&20D7719E&0
    Manufacturer: (Standardinäppäimistöt)
    Name: Standardi PS/2-näppäimistö
    PNP Device ID: ACPI\PNP0303\4&20D7719E&0
    Service: i8042prt

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: MAC Bridge Miniport
    Device ID: ROOT\MS_BRIDGEMP\0000
    Manufacturer: Microsoft
    Name: MAC Bridge Miniport
    PNP Device ID: ROOT\MS_BRIDGEMP\0000
    Service: BridgeMP

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter


    -- Files created between 2008-06-01 and 2008-07-01 -----------------------------

    2008-07-01 20:44:02 0 d-------- C:\Program Files (x86)\Common Files\Java
    2008-07-01 20:21:32 0 d-------- C:\Program Files (x86)\AVG
    2008-07-01 14:15:45 0 d-------- C:\Users\All Users\Malwarebytes
    2008-07-01 14:15:44 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2008-06-30 20:32:02 0 d-------- C:\Users\Bietro\Tracing
    2008-06-30 17:59:14 0 d-------- C:\Program Files (x86)\VMware
    2008-06-30 17:59:14 0 d-------- C:\Program Files (x86)\Common Files\VMware
    2008-06-25 20:27:28 0 d--h----- C:\$AVG8.VAULT$
    2008-06-25 19:59:13 0 d-------- C:\Users\All Users\avg8
    2008-06-22 23:49:28 356352 --a------ C:\Windows\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2008-06-22 23:43:42 0 d-------- C:\Program Files (x86)\QO Labs
    2008-06-22 22:02:33 0 d-------- C:\Program Files (x86)\URUSoft
    2008-06-22 16:16:02 0 d-------- C:\Users\All Users\ATI
    2008-06-22 16:13:37 0 d-------- C:\Program Files (x86)\ATI Technologies
    2008-06-19 16:43:37 0 d-------- C:\temp
    2008-06-11 17:08:35 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-06-11 17:08:35 7680 --a------ C:\Windows\system32\ff_vfw.dll
    2008-06-11 17:08:35 0 d-------- C:\Program Files (x86)\ffdshow
    2008-06-03 18:06:29 0 d-------- C:\Program Files (x86)\CyberLink


    -- Find3M Report ---------------------------------------------------------------

    2008-07-01 20:45:14 0 d-------- C:\Program Files (x86)\Java
    2008-07-01 20:44:02 0 d-------- C:\Program Files (x86)\Common Files
    2008-07-01 20:24:38 0 d-------- C:\Program Files (x86)\Yahoo!
    2008-07-01 20:24:14 0 d-------- C:\Program Files (x86)\RocketDock
    2008-07-01 14:15:47 0 d-------- C:\Users\Bietro\AppData\Roaming\Malwarebytes
    2008-06-30 20:49:24 0 d-------- C:\Program Files (x86)\Windows Live
    2008-06-30 20:25:48 0 d-------- C:\Program Files (x86)\Messenger Plus! Live
    2008-06-30 19:11:55 0 d-------- C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
    2008-06-30 19:11:44 0 d-------- C:\Program Files (x86)\Mozilla Firefox 3 Beta 3
    2008-06-30 15:36:43 0 d-------- C:\Users\Bietro\AppData\Roaming\uTorrent
    2008-06-29 20:57:24 0 d-------- C:\Program Files (x86)\Winamp
    2008-06-29 20:49:19 0 d-------- C:\Users\Bietro\AppData\Roaming\Winamp
    2008-06-29 20:43:07 0 d-------- C:\Users\Bietro\AppData\Roaming\mIRC
    2008-06-29 20:43:05 0 d-------- C:\Program Files (x86)\Apple Software Update
    2008-06-27 17:40:46 0 d-------- C:\Program Files (x86)\mIRC
    2008-06-25 20:27:28 0 d-------- C:\Program Files (x86)\DAEMON Tools Lite
    2008-06-24 17:38:45 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2008-06-14 04:01:05 0 d-------- C:\Program Files (x86)\Common Files\Steam
    2008-06-11 15:24:19 0 d-------- C:\Program Files (x86)\Webteh
    2008-06-11 03:07:20 0 d-------- C:\Program Files (x86)\Windows Mail
    2008-06-03 17:56:01 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2008-05-30 23:43:34 0 d-------- C:\Users\Bietro\AppData\Roaming\InterVideo
    2008-05-30 23:41:37 0 d-------- C:\Program Files (x86)\InterVideo Information Service
    2008-05-30 23:41:37 0 d-------- C:\Program Files (x86)\Common Files\Ulead
    2008-05-30 23:32:53 0 d-------- C:\Program Files (x86)\InterVideo
    2008-05-30 23:32:53 0 d-------- C:\Program Files (x86)\Common Files\InterVideo
    2008-05-30 23:31:58 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2008-05-30 23:17:25 0 d-------- C:\Users\Bietro\AppData\Roaming\CyberLink
    2008-05-29 16:18:10 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
    2008-05-28 23:21:18 0 d-------- C:\Users\Bietro\AppData\Roaming\BSplayer PRO
    2008-05-26 18:12:06 0 d-------- C:\Users\Bietro\AppData\Roaming\VMware
    2008-05-25 15:39:52 0 d-------- C:\Program Files (x86)\Stardock
    2008-05-25 15:39:52 0 d-------- C:\Program Files (x86)\Common Files\Stardock
    2008-05-25 00:28:31 0 d-------- C:\Users\Bietro\AppData\Roaming\Vso
    2008-05-22 19:09:34 0 d-------- C:\Users\Bietro\AppData\Roaming\GTek
    2008-05-14 19:35:21 0 d-------- C:\Program Files (x86)\DC++
    2008-05-14 19:31:41 0 d-------- C:\Program Files (x86)\RevConnect
    2008-05-14 19:25:47 0 d-------- C:\Program Files (x86)\No-IP
    2008-05-13 18:41:07 0 d-------- C:\Program Files (x86)\Ajokorttikoulu
    2008-05-06 22:10:14 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-05-06 22:06:36 0 d-------- C:\Program Files (x86)\MessengerDiscovery
    2008-05-06 22:06:35 0 d-------- C:\Program Files (x86)\MSN Messenger
    2008-05-06 22:06:14 0 d-------- C:\Program Files (x86)\Fake Webcam
    2008-05-05 14:25:52 0 d-------- C:\Program Files (x86)\QuickTime
    2008-04-05 18:21:57 34 --a------ C:\Users\Bietro\AppData\Roaming\pcouffin.log
    2008-04-05 18:21:16 7859 --a------ C:\Users\Bietro\AppData\Roaming\pcouffin.cat


    -- Registry Dump ---------------------------------------------------------------



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8300 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-01 20:54:29 ------------
     
    Last edited: 01.07.2008
  7. pietila

    pietila Regular member


    Extra.txt



    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
    Architecture: X64; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
    Percentage of Memory in Use: 23%
    Physical Memory (total/avail): 6142.18 MiB / 4692.16 MiB
    Pagefile Memory (total/avail): 12397.39 MiB / 10924.7 MiB
    Virtual Memory (total/avail): 4095.88 MiB / 3937.97 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 43.95 GiB total, 9.87 GiB free.
    D: is Fixed (NTFS) - 465.76 GiB total, 1.61 GiB free.
    E: is Fixed (NTFS) - 29.29 GiB total, 3.59 GiB free.
    F: is Fixed (NTFS) - 149.04 GiB total, 3.86 GiB free.
    G: is Fixed (NTFS) - 4.88 GiB total, 0.38 GiB free.
    H: is Fixed (NTFS) - 377.86 GiB total, 0.31 GiB free.
    I: is Fixed (NTFS) - 9.77 GiB total, 2.24 GiB free.
    J: is CDROM (CDFS)
    K: is CDROM (CDFS)
    M: is Removable (No Media)
    N: is Removable (No Media)
    O: is CDROM (No Media)
    P: is CDROM (CDFS)
    Q: is Removable (No Media)
    R: is Removable (No Media)
    S: is Network (NTFS)
    T: is Network (NTFS)
    V: is Network (NTFS)
    W: is Network (NTFS)
    X: is Network (NTFS)
    Y: is Network (NTFS)
    Z: is Network (NTFS)

    \\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ ATA Device - 465.76 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 465.76 GiB - D:

    \\.\PHYSICALDRIVE2 - SAMSUNG HD501LJ ATA Device - 465.76 GiB - 5 partitions
    \PARTITION0 - Installable File System - 29.29 GiB - E:
    \PARTITION1 - Installable File System - 9.77 GiB - I:
    \PARTITION2 - Extended w/Extended Int 13 - 426.69 GiB - C: - G: - H:

    \\.\PHYSICALDRIVE0 - ST3160023A ATA Device - 149.05 GiB - 1 partition
    \PARTITION0 - Installable File System - 149.04 GiB - F:

    \\.\PHYSICALDRIVE3 - OTi CF CARD Reader USB Device

    \\.\PHYSICALDRIVE6 - OTi MS CARD Reader USB Device

    \\.\PHYSICALDRIVE5 - OTi SD CARD Reader USB Device

    \\.\PHYSICALDRIVE4 - OTi SM CARD Reader USB Device



    -- Security Center -------------------------------------------------------------

    Windows Internal Firewall is enabled.

    AV: AVG Anti-Virus v8.0 (AVG Technologies)
    AS: AVG Anti-Virus v8.0 (AVG Technologies) Disabled
    AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled Outdated
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Bietro\AppData\Roaming
    CLASSPATH=.;C:\Program Files (x86)\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files (x86)\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=BIETRO-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Bietro
    LOCALAPPDATA=C:\Users\Bietro\AppData\Local
    LOGONSERVER=\\BIETRO-PC
    MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\Bietro\AppData\Roaming\Mozilla\Firefox\Crash Reports
    MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files (x86)\Mozilla Firefox;C:\Program Files (x86)\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\AVG\AVG8
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_ARCHITEW6432=AMD64
    PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f02
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files (x86)
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files (x86)\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Bietro\AppData\Local\Temp
    TMP=C:\Users\Bietro\AppData\Local\Temp
    USERDOMAIN=Bietro-PC
    USERNAME=Bietro
    USERPROFILE=C:\Users\Bietro
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Bietro (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files (x86)\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
    --> C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    --> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-002A-040B-1000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040B-0000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
    3DMark Vantage --> C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
    3DMark06 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
    Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81200000003}
    AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    Ajokorttikoulu --> C:\Program Files (x86)\Ajokorttikoulu\Uninstall.exe
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ASUSUpdate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
    ATITool Overclocking Utility --> "C:\Program Files (x86)\ATITool\Uninstall.exe"
    µTorrent --> "C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
    Attansic Ethernet Utility --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\Windows\SysWOW64\Attansic\L1\atcInst.dll,VisUninst C:\Windows\SysWOW64\Attansic\L1 x64 pci\ven_1969&dev_1048
    AudioBurst FX Engine --> C:\Program Files (x86)\QO Labs\AudioBurst\uninstall.exe
    AVG 8.0 --> C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
    BS.Player PRO --> "C:\Program Files (x86)\Webteh\BSplayerPro\uninstall.exe"
    BSPlayer --> "C:\Program Files (x86)\Webteh\BSplayernormi\uninstall.exe"
    Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only) --> "C:\Program Files (x86)\CCleaner\uninst.exe"
    ConvertXtoDVD 2.2.3.258h --> "C:\Program Files (x86)\VSO\ConvertXtoDVD\unins000.exe"
    Counter-Strike: Source --> "H:\Steam\steam.exe" steam://uninstall/240
    DC++ 0.705 --> "C:\Program Files (x86)\DC++\uninstall.exe"
    Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
    DFX 8 for Winamp --> "C:\Program Files (x86)\Winamp\uninstall_dfx.exe"
    DVBViewer Pro versio 3.6.1.2 --> "C:\Program Files (x86)\TESTIDVBViewer\unins000.exe"
    EVEREST Ultimate Edition v4.20 --> "C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    ffdshow [rev 1993] [2008-06-09] --> "C:\Program Files (x86)\ffdshow\unins000.exe"
    Futuremark SystemInfo --> C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
    GorbTrack 0.4 --> MsiExec.exe /I{F868B421-3F6C-466D-818C-48F49204866A}
    Haali Media Splitter --> "C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"
    HD Tune 2.55 --> "C:\Program Files (x86)\HD Tune\unins000.exe"
    HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    InterVideo WinDVD 8 --> C:\Program Files (x86)\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040b
    IsoBuster 2.3 --> "C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
    Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    MagicDisc 2.6.93 --> C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
    Malwarebytes' Anti-Malware --> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live --> "C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Access MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0015-040B-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
    Microsoft Office Groove MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00BA-040B-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0044-040B-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001A-040B-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
    Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0019-040B-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
    Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft WorldWide Telescope --> MsiExec.exe /I{A5C16084-032F-4A6D-B19A-2E700421F9FB}
    mIRC --> C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC
    Mozilla Firefox (3.0) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger --> C:\Program Files (x86)\MSN Messenger\uninstall.exe
    MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1035}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    No-IP.com DUC (remove only) --> "C:\Program Files (x86)\No-IP\DUC20.exe" -uninstall
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
    Nokia PC Suite --> C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_fin_web.exe
    Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
    ObjectDock --> C:\PROGRA~2\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\INSTALL.LOG
    PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    PowerDVD Ultra --> "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RevConnect --> "C:\Program Files (x86)\RevConnect\uninstall.exe"
    RivaTuner v2.08 --> "C:\Program Files (x86)\RivaTuner v2.08\uninstall.exe"
    San Andreas Mod Installer --> "C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:H:\Pelit\Gta\GTA San Andreas\Uninstall\uninstall.xml"
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
    Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    StuffPlug 3 --> C:\Program Files (x86)\StuffPlug3\Uninstall.exe
    Subtitle Workshop 2.51 --> "C:\Program Files (x86)\URUSoft\Subtitle Workshop\uninstall.exe"
    UltraVNC 1.0.4 RC8 --> "C:\Program Files (x86)\UltraVNC\unins000.exe"
    Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    VideoLAN VLC media player 0.8.6e --> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Winamp --> "C:\Program Files (x86)\Winamp\UninstWA.exe"
    Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
    Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR archiver --> C:\Program Files (x86)\WinRAR\uninstall.exe
    Visual C++ 8.0 Runtime Setup Package (x64) --> MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
    VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
    Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type21682 / Success
    Event Submitted/Written: 07/01/2008 08:48:20 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type21676 / Success
    Event Submitted/Written: 07/01/2008 08:47:44 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type21675 / Success
    Event Submitted/Written: 07/01/2008 08:47:43 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type21671 / Success
    Event Submitted/Written: 07/01/2008 08:47:01 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    Ohjelmistojen käyttöoikeuspalvelu käynnistyi.

    Event Record #/Type21660 / Warning
    Event Submitted/Written: 07/01/2008 08:45:35 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows havaitsi, että rekisteritiedostosi on yhä toisten sovellusten tai palvelujen käytössä. Tiedosto poistetaan nyt. Rekisteritietoasi käyttävät sovellukset tai palvelut eivät ehkä toimi oikein tämän jälkeen.

    TIEDOT -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1126564061-1714491539-2309438651-1000_Classes:
    Process 904 (\Device\HarddiskVolume5\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1126564061-1714491539-2309438651-1000_CLASSES



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type54292 / Warning
    Event Submitted/Written: 07/01/2008 08:53:23 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %%8271.1.1600.0{83D128F8-E0AA-4E99-B46B-19BAED098B70}Bietro-PCBietroS-1-5-21-1126564061-1714491539-2309438651-1000Unknown%%832driver:xpdt0%%807

    Event Record #/Type54291 / Warning
    Event Submitted/Written: 07/01/2008 08:53:23 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %%8271.1.1600.0{947A0230-1811-4A5C-BE57-1AD359D0ADD6}Bietro-PCBietroS-1-5-21-1126564061-1714491539-2309438651-1000Unknown%%832service:xpdt0%%807

    Event Record #/Type54290 / Warning
    Event Submitted/Written: 07/01/2008 08:53:23 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %%8271.1.1600.0{EE1C353B-153C-4254-BCD1-7411DEEF8310}Bietro-PCBietroS-1-5-21-1126564061-1714491539-2309438651-1000Unknown%%832driver:huy320%%807

    Event Record #/Type54289 / Warning
    Event Submitted/Written: 07/01/2008 08:53:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %%8271.1.1600.0{45370183-514E-4686-BEAB-1EDC9924022D}Bietro-PCBietroS-1-5-21-1126564061-1714491539-2309438651-1000Unknown%%832service:pe3860%%807

    Event Record #/Type54288 / Warning
    Event Submitted/Written: 07/01/2008 08:53:21 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %%8271.1.1600.0{9B2CFF05-F9F5-4049-98E5-6F7600F041CF}Bietro-PCBietroS-1-5-21-1126564061-1714491539-2309438651-1000Unknown%%832service:huy320%%807



    -- End of Deckard's System Scanner: finished at 2008-07-01 20:54:29 ------------
     
  8. kalminen

    kalminen Regular member

    Could it be that you have programs for both 32-bit and 64-bit Vista
    installed on the same operating system? (Which Vista do you have?)
    The machine's configuration looks mysterious to me.

    -----------------------------------------------------

    * Move Dss.exe to your desktop if it is not already there.
    * Go to Start --> Run and type on the line: "%userprofile%\Työpöytä\dss.exe" /daft (if you have an English-language Windows, replace Työpöytä with Desktop)
    * Tick the following boxes:
    .scr
    .reg
    * Click Fix.

    * Now scan again with Deckard's System Scanner, as we did at the start of the instructions.
    * Save the resulting log file to the desktop.
    * If everything is in order, you should get the "all associations ok message".
    * Post the contents of the file that opens here (daft.txt).

    Fix this one with HJT as well:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    ------------------------------------------------------------

    Remove this one too for the time being:
    AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled Outdated

    ----------------------------------------------

    1. Download combofix.exe to your desktop from any of the links below:
    Link 1
    Link 2
    Link 3

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    (C:\ComboFix.txt) Post this log + a new HJT log
     
    Last edited: 02.07.2008
  9. pietila

    pietila Regular member

    So the operating system is 64-bit Vista, but the machine also has 32-bit Vista and 32-bit XP.

    Well, ComboFix won't let me run it; it complains "only 32bit".

    Deckard's System Scanner now gives only main.txt.

    I had already reinstalled the widget and RocketDock; could that have interfered with this operation?



    Deckard's System Scanner v20071014.68
    Run by Bietro on 2008-07-02 17:08:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Bietro.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08:30, on 2.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ATITool\ATITool.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Users\Bietro\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Bietro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: ATITool.lnk = C:\Program Files (x86)\ATITool\ATITool.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - E:\VMware Worsktation\vmware-ufad.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\Windows\system32\vmnetdhcp.exe (file missing)
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8580 bytes

    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-07-01 20:44:02 0 d-------- C:\Program Files (x86)\Common Files\Java
    2008-07-01 20:21:32 0 d-------- C:\Program Files (x86)\AVG
    2008-07-01 14:15:45 0 d-------- C:\Users\All Users\Malwarebytes
    2008-07-01 14:15:44 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2008-06-30 20:32:02 0 d-------- C:\Users\Bietro\Tracing
    2008-06-30 17:59:14 0 d-------- C:\Program Files (x86)\VMware
    2008-06-30 17:59:14 0 d-------- C:\Program Files (x86)\Common Files\VMware
    2008-06-25 20:27:28 0 d--h----- C:\$AVG8.VAULT$
    2008-06-25 19:59:13 0 d-------- C:\Users\All Users\avg8
    2008-06-22 23:49:28 356352 --a------ C:\Windows\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2008-06-22 23:43:42 0 d-------- C:\Program Files (x86)\QO Labs
    2008-06-22 22:02:33 0 d-------- C:\Program Files (x86)\URUSoft
    2008-06-22 16:16:02 0 d-------- C:\Users\All Users\ATI
    2008-06-22 16:13:37 0 d-------- C:\Program Files (x86)\ATI Technologies
    2008-06-19 16:43:37 0 d-------- C:\temp
    2008-06-11 17:08:35 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-06-11 17:08:35 7680 --a------ C:\Windows\system32\ff_vfw.dll
    2008-06-11 17:08:35 0 d-------- C:\Program Files (x86)\ffdshow
    2008-06-03 18:06:29 0 d-------- C:\Program Files (x86)\CyberLink


    -- Find3M Report ---------------------------------------------------------------

    2008-07-01 21:36:30 0 d-------- C:\Program Files (x86)\Yahoo!
    2008-07-01 21:31:11 0 d-------- C:\Program Files (x86)\RocketDock
    2008-07-01 20:45:14 0 d-------- C:\Program Files (x86)\Java
    2008-07-01 20:44:02 0 d-------- C:\Program Files (x86)\Common Files
    2008-07-01 14:15:47 0 d-------- C:\Users\Bietro\AppData\Roaming\Malwarebytes
    2008-06-30 20:49:24 0 d-------- C:\Program Files (x86)\Windows Live
    2008-06-30 20:25:48 0 d-------- C:\Program Files (x86)\Messenger Plus! Live
    2008-06-30 19:11:55 0 d-------- C:\Program Files (x86)\Mozilla Firefox 3 Beta 4
    2008-06-30 19:11:44 0 d-------- C:\Program Files (x86)\Mozilla Firefox 3 Beta 3
    2008-06-30 15:36:43 0 d-------- C:\Users\Bietro\AppData\Roaming\uTorrent
    2008-06-29 20:57:24 0 d-------- C:\Program Files (x86)\Winamp
    2008-06-29 20:49:19 0 d-------- C:\Users\Bietro\AppData\Roaming\Winamp
    2008-06-29 20:43:07 0 d-------- C:\Users\Bietro\AppData\Roaming\mIRC
    2008-06-29 20:43:05 0 d-------- C:\Program Files (x86)\Apple Software Update
    2008-06-27 17:40:46 0 d-------- C:\Program Files (x86)\mIRC
    2008-06-25 20:27:28 0 d-------- C:\Program Files (x86)\DAEMON Tools Lite
    2008-06-24 17:38:45 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2008-06-14 04:01:05 0 d-------- C:\Program Files (x86)\Common Files\Steam
    2008-06-11 15:24:19 0 d-------- C:\Program Files (x86)\Webteh
    2008-06-11 03:07:20 0 d-------- C:\Program Files (x86)\Windows Mail
    2008-06-03 17:56:01 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2008-05-30 23:43:34 0 d-------- C:\Users\Bietro\AppData\Roaming\InterVideo
    2008-05-30 23:41:37 0 d-------- C:\Program Files (x86)\InterVideo Information Service
    2008-05-30 23:41:37 0 d-------- C:\Program Files (x86)\Common Files\Ulead
    2008-05-30 23:32:53 0 d-------- C:\Program Files (x86)\InterVideo
    2008-05-30 23:32:53 0 d-------- C:\Program Files (x86)\Common Files\InterVideo
    2008-05-30 23:31:58 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2008-05-30 23:17:25 0 d-------- C:\Users\Bietro\AppData\Roaming\CyberLink
    2008-05-29 16:18:10 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
    2008-05-28 23:21:18 0 d-------- C:\Users\Bietro\AppData\Roaming\BSplayer PRO
    2008-05-26 18:12:06 0 d-------- C:\Users\Bietro\AppData\Roaming\VMware
    2008-05-25 15:39:52 0 d-------- C:\Program Files (x86)\Stardock
    2008-05-25 15:39:52 0 d-------- C:\Program Files (x86)\Common Files\Stardock
    2008-05-25 00:28:31 0 d-------- C:\Users\Bietro\AppData\Roaming\Vso
    2008-05-22 19:09:34 0 d-------- C:\Users\Bietro\AppData\Roaming\GTek
    2008-05-14 19:35:21 0 d-------- C:\Program Files (x86)\DC++
    2008-05-14 19:31:41 0 d-------- C:\Program Files (x86)\RevConnect
    2008-05-14 19:25:47 0 d-------- C:\Program Files (x86)\No-IP
    2008-05-13 18:41:07 0 d-------- C:\Program Files (x86)\Ajokorttikoulu
    2008-05-06 22:10:14 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-05-06 22:06:36 0 d-------- C:\Program Files (x86)\MessengerDiscovery
    2008-05-06 22:06:35 0 d-------- C:\Program Files (x86)\MSN Messenger
    2008-05-06 22:06:14 0 d-------- C:\Program Files (x86)\Fake Webcam
    2008-05-05 14:25:52 0 d-------- C:\Program Files (x86)\QuickTime
    2008-04-05 18:21:57 34 --a------ C:\Users\Bietro\AppData\Roaming\pcouffin.log
    2008-04-05 18:21:16 7859 --a------ C:\Users\Bietro\AppData\Roaming\pcouffin.cat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-07-02 17:08:40 ------------

     
  10. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    No viruses show up in the log.

    NT Kernel & System (relates to the operating system kernel)
    If there are problems there, I don't yet properly master the inner life of the MBR
    even on a single OS. SRI

    This should run in Mozilla too:

    Scan your computer with Kaspersky Online Scanner

    - Read through the requirements and the privacy statement and click Accept.
    - The download of the scanner and the virus database starts. You are asked whether you allow the program from Kaspersky to be installed. Click Aja/Run.
    - When the download is finished, click Settings.
    - Make sure the following items are selected. If they are not, select them and click Save:
        - Spyware, Adware, Dialers, and other potentially dangerous programs
        - Archives
        - Mail databases
    - Click Oma Tietokone/My Computer under Scan.
    - When the scan is finished, the results are shown. Click View Scan Report.
    - You will see a list of infected objects. Click Save Report As....
    - Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.
    - Copy and paste the contents of the file into your next reply, together with a new HijackThis log
    .
     
  11. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    A side question here, since I was thinking of heading out soon to buy a new hard drive,

    The Kaspersky Online Scanner has now scanned this computer itself, but it is still scanning network drives, so can I stop it and see what it says? At least it has found something

    Threat names 6
    Infected objects 11

    Because the scanning is a bit slow, only at 61% and 19h 33min have gone by

    Except that a SATA2 drive can apparently be plugged in on the fly, right? If that works, then I probably won't need to stop it.
     
  12. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    SATA II definitely, if the motherboard supports it.
    IDE drives are hazardous waste these days
    I have a Maxtor 120 Gb IDE as a paperweight on my pile of bills HI
    SATA and IDE in the same machine will give you a stomach ulcer.
    They do work, but the problems are mainly in mastering.

    Infected objects 11 => Probably tracking cookies
    Browser cookies.
    :D
     
  13. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    So I can plug a SATA2 drive in even though the computer is on? That way the scan can run all the way to the end. =D
     
  14. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Whatever you do, don't plug it in !!!
    Power the machine off and have the motherboard's CD ready.
    A SATA drive needs its own drivers.
     
  15. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    There are already two SATA2 drives in there. And at least those went in without any special drivers.

    Right, I bought a Samsung 1Tb hard drive, so now I can download viruses by the truckload.

    And by the way, that NT Kernel & System has started screwing around again.
    I don't know whether it comes whenever the machine has been on for twenty-odd hours straight, because yesterday it worked completely normally.

    By the way, what would the official build of SP1 be?
    Because I downloaded it a few days before it became available from Microsoft's site. So could that be a reason for this? On the other hand it seems silly, since it has after all worked for many months.

    Anyway, here is the Kaspersky online report.


    Thursday, July 3, 2008
    Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, July 02, 2008 14:55:06
    Records in database: 906431
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    M:\
    N:\
    O:\
    P:\
    Q:\
    R:\
    S:\
    T:\
    V:\
    W:\
    X:\
    Y:\
    Z:\
    Scan statistics
    Files scanned 391686
    Threat name 12
    Infected objects 23
    Suspicious objects 0
    Duration of the scan 23:20:31

    File name Threat name Threats count
    C:\Program Files (x86)\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
    C:\Program Files (x86)\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.i 1
    C:\Users\Bietro\Downloads\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
    F:\Mp3\AVG Internet Security v8.0.93+Crack+Serial-HeartBug\Crack\crack.exe Infected: Trojan.Win32.Delf.czb 1
    H:\Testi paskaa\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    S:\Linux\openSUSE-10.2-GM-i386-CD1.iso Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
    S:\Linux\openSUSE-10.2-GM-i386-CD1.iso Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
    S:\Linux\openSUSE-10.3-Alpha4-i386-CD1.iso Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
    S:\Linux\openSUSE-10.3-Alpha4-i386-CD1.iso Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
    V:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    X:\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    Y:\Softa\DivX\DivXPro\DivXPro511Adware.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 1
    Y:\Softa\mirc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
    Y:\Softa\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH\nero8-fdb\nero8-fdb\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    Y:\Softa\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH\nero8-fdb\nero8-fdb\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    Y:\Softa\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH\nero8-fdb\nero8-fdb.iso Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 2
    Y:\Softa\Real VNC\vnc-3.3.7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2
    Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan.Win32.Zapchast 1
    Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan-Downloader.Win32.IstBar.er 1
    Y:\Softa\Ultr@VNC\UltraVNC-100-RC18-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
    Y:\Softa\Ultr@VNC\UltraVNC-100-RC18-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
    The scan was stopped by the user.
     
  16. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    Oh, and the HJT log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:11:59, on 3.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\ATITool\ATITool.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Users\Bietro\Desktop\Kuvakkeet\Core temp\Core Temp.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: ATITool.lnk = C:\Program Files (x86)\ATITool\ATITool.exe
    O4 - Global Startup: ClientManagerV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - E:\VMware Worsktation\vmware-ufad.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware DHCP Service (VMnetDHCP) - Unknown owner - C:\Windows\system32\vmnetdhcp.exe (file missing)
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8126 bytes
     
  17. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    At least no viruses show up in the log.

    A month ago I had to remove the SP1 installation from Vista using Add/Remove Programs.
    There were too many problems. (try it)

    This is not a virus:
    C:\Program Files (x86)\mIRC\mirc.exe

    These are doomed to destruction:
    F:\Mp3\AVG Internet Security v8.0.93+Crack+Serial-HeartBug\Crack\crack.exe Infected: Trojan.Win32.Delf.czb 1
    Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan.Win32.Zapchast 1
    Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan-Downloader.Win32.IstBar.er 1

    For a program that is definitely not 64-bit,
    you can set, for example, XP emulation
    in the properties of its exe file.
    .
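The triage done by hand in the reply above (mIRC is not a virus, the Trojan rows are the ones to delete) can be scripted. This is an added example, not part of the thread: it parses rows in the layout of the Kaspersky Online Scanner report posted earlier and separates `not-a-virus:` detections from real malware verdicts. It assumes that the `not-a-virus:` prefix is Kaspersky's marker for riskware and adware classes; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Rows copied from the Kaspersky Online Scanner report posted in the thread
# (a subset; layout is "<file name> Infected: <threat name> <count>").
REPORT = r"""
File name Threat name Threats count
C:\Program Files (x86)\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files (x86)\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.i 1
F:\Mp3\AVG Internet Security v8.0.93+Crack+Serial-HeartBug\Crack\crack.exe Infected: Trojan.Win32.Delf.czb 1
S:\Linux\openSUSE-10.2-GM-i386-CD1.iso Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
Y:\Softa\DivX\DivXPro\DivXPro511Adware.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 1
Y:\Softa\Real VNC\vnc-3.3.7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2
Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan.Win32.Zapchast 1
Y:\Softa\softaa\softaa\ABC-win32-v2.6.9.exe Infected: Trojan-Downloader.Win32.IstBar.er 1
The scan was stopped by the user.
"""

# Assumption: verdicts with this prefix are riskware/adware, not malware.
RISKWARE_PREFIX = "not-a-virus:"

# Paths contain spaces, so anchor on the literal " Infected: " separator
# and take the verdict and the trailing count from the end of the line.
ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return one dict per detection row; header and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        verdict = m["verdict"]
        riskware = verdict.startswith(RISKWARE_PREFIX)
        name = verdict[len(RISKWARE_PREFIX):] if riskware else verdict
        rows.append({
            "path": m["path"],
            "verdict": verdict,
            "family": name.split(".", 1)[0],  # e.g. Trojan, RemoteAdmin
            "riskware": riskware,
            "count": int(m["count"]),
        })
    return rows


def triage(rows):
    """Split detections into malware (grouped by file) and riskware (by category)."""
    malware = defaultdict(list)  # path -> [verdicts]
    riskware = defaultdict(set)  # category -> {paths}
    for r in rows:
        if r["riskware"]:
            riskware[r["family"]].add(r["path"])
        else:
            malware[r["path"]].append(r["verdict"])
    return dict(malware), dict(riskware)


if __name__ == "__main__":
    malware, riskware = triage(parse_report(REPORT))
    print("Malware verdicts (remove or quarantine these files):")
    for path, verdicts in malware.items():
        print(f"  {path}: {', '.join(verdicts)}")
    print("Riskware by category (review whether the tool was installed on purpose):")
    for category, paths in sorted(riskware.items()):
        print(f"  {category}: {len(paths)} file(s)")
```
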
     
  18. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    I'll have to try that. Thanks for the advice. =)
     
  19. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    The problem did not go away with formatting and reinstalling the OS.

    Same problem, so this NT Kernel & System is probably somehow connected to the network?

    Because for example on Eniro, with that map thing, if you zoom in and out there, NT Kernel & System ALWAYS goes high in CPU usage.

    And now too, with the machine having been on for a day, it loads pages halfway / not at all. Restarting the machine helps with the problem.

    So probably a hardware-based fault? But where to start tracking it down?

    The motherboard has a network adapter that stopped working about half a year ago. It does get a connection to the local network, but it does not connect to the internet.

    So now I'm on another network card that sits in a PCI slot.
     
  20. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    This doesn't look like a hardware problem ???
    NT Kernel & System => ntoskrnl.exe
    It's related to boot stuff.

    What exactly is your setup ???
    Which drives (IDE/SATA)
    Which OSes boot from where ???
    .
     
  21. pietila

    pietila Regular member

    Joined:
    17.08.2005
    Posts:
    322
    Thanks:
    0
    Points:
    26
    OS: Windows Vista 64bit (reinstalled on a formatted hard drive)
    Motherboard: P5KC
    RAM: 2x1Gb 2x2Gb Total 6Gb
    GPU: HD3850
    CPU: Intel E4400 @3.1Ghz

    1x IDE 160GB (just data, no OS)
    2x SATA II Samsung 500Gb (one has data, the other is partitioned: one for Vista, one for XP. The rest is data)
    1x SATA II Samsung 1000Gb


    If IDE can cause something, in addition there is a Samsung DVD burner on it. At least when it was burning a disc, it made the burn and some of the programs hang.

    I haven't tested whether the same fault occurs in this new operating system
     
