
Vundo plus something else

Thread in the Viruses and malware - HijackThis logs section. Thread started by EDYSTERi on 10.09.2008.

  1. EDYSTERi

    EDYSTERi Member

    Joined:
    31.05.2008
    Posts:
    0
    Thanks:
    0
    Points:
    10
    What's going on with this now: when I choose scan my computer it starts checking files but scanned folders stays at 0, and if I try scan folder it checks damn slowly.
     
  3. Hujo

    Hujo Guest

    Have you set the options that are in the instructions?

    You've got some of that stuff on the machine as well.
     
  4. EDYSTERi

    EDYSTERi Member

    I have set them, and yeah, there's a bit, since Malwarebytes took 2 hours. Yesterday it still got through it in a few minutes, but now it just doesn't work.
     
  5. Hujo

    Hujo Guest

    Scan a new HJT log

    Scan a new ComboFix log

    It's slowly starting to feel like the Vista operating system has taken a hit. A format is probably coming up soon.

    I assume you are logged in to the machine with Administrator rights.

    How many languages do you know?
     
  6. EDYSTERi

    EDYSTERi Member

    Yes, I'm on with administrator rights, and besides Finnish my English is fairly good. Now it does look like there's no virus anymore, apart from it being a bit sluggish. The pop-ups have disappeared at least.
     
  7. Hujo

    Hujo Guest

    I was just looking at that

    Microsoft Office Proof
    a few unnecessary language packs, then
    but it's not worth removing them, something could get damaged by that.

    ======================

    Empty the Malwarebytes' Anti-Malware quarantine

    ===================

    Empty the Norton quarantine

    ==================

    Remove SmitfraudFix from the machine

    ==================

    Type into the Run box

    Combofix.exe /u

    press OK

    ==================

    Delete the junk
     
  8. EDYSTERi

    EDYSTERi Member

    ComboFix log:

    ComboFix 08-09-12.07 - eDy 2008-09-13 14:34:07.7 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.282 [GMT 3:00]
    Sijainti: C:\Users\eDy\Desktop\Downloads\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-13 to 2008-09-13 )))))))))))))))))
    .

    2008-09-13 13:11 . 2008-09-13 13:13 <KANSIO> d-------- C:\Program Files\Java
    2008-09-13 13:11 . 2008-09-13 13:11 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-09-12 21:56 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-12 19:48 . 2008-09-12 19:48 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-11 22:00 . 2008-09-11 22:00 691 --a------ C:\Users\eDy\AppData\Roaming\GetValue.vbs
    2008-09-11 22:00 . 2008-09-11 22:00 35 --a------ C:\Users\eDy\AppData\Roaming\SetValue.bat
    2008-09-11 17:02 . 2008-09-11 22:00 3,426 --a------ C:\Windows\System32\tmp.reg
    2008-09-11 15:02 . 2008-09-11 15:29 <KANSIO> d-------- C:\Program Files\MicroAV
    2008-09-11 15:01 . 2008-09-11 15:01 86,016 --a------ C:\Windows\System32\qfulihyl.exe
    2008-09-10 21:51 . 2008-09-10 21:51 102,400 --a------ C:\Windows\System32\lidobmnk.exe
    2008-09-10 21:07 . 2008-09-10 21:07 102,400 --a------ C:\Windows\System32\yjqnodoj.exe
    2008-09-10 20:11 . 2008-09-13 00:47 <KANSIO> d-------- C:\ProgramData\nsfubuns
    2008-09-10 20:11 . 2008-09-10 20:11 94,208 --a------ C:\Windows\System32\uhenoxgx.exe
    2008-09-10 15:24 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2008-09-10 15:24 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
    2008-09-10 15:24 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-10 15:24 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-09-10 15:24 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-09-10 15:24 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
    2008-09-10 15:24 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
    2008-09-10 15:23 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-10 15:23 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2008-09-09 23:03 . 2008-09-09 23:03 <KANSIO> d-------- C:\ProgramData\Apple Computer
    2008-09-07 16:31 . 2008-09-07 16:31 156 --a------ C:\Windows\Twunk001.MTX
    2008-09-07 16:31 . 2008-09-07 16:31 2 --a------ C:\Windows\Twain001.Mtx
    2008-09-07 16:31 . 2008-09-07 16:31 0 --a------ C:\Windows\Twunk002.MTX
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-09-04 00:45 . 2008-09-04 00:47 <KANSIO> d-------- C:\Users\eDy\AppData\Roaming\SPORE
    2008-09-03 14:59 . 2008-09-03 14:59 <KANSIO> d-------- C:\ProgramData\Electronic Arts
    2008-09-03 14:59 . 2008-09-04 15:01 10,940 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-08-31 16:08 . 2008-08-31 16:08 <KANSIO> d-------- C:\ProgramData\FLEXnet
    2008-08-31 16:03 . 2008-08-31 16:03 <KANSIO> d-------- C:\ProgramData\ALM
    2008-08-28 00:03 . 2008-08-28 00:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
    2008-08-26 15:18 . 2008-08-26 15:18 <KANSIO> d-------- C:\Program Files\GALA-NET
    2008-08-26 00:05 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:05 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:05 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:05 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:05 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:05 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:05 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-23 06:47 . 2008-08-23 06:47 86,523 --a------ C:\Windows\WinVerCheck.exe
    2008-08-14 20:09 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 19:26 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 19:26 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 19:26 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 19:26 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 19:26 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-13 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 11:08 --------- d-----w C:\Program Files\Steam
    2008-09-12 18:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-12 13:35 --------- d-----w C:\Users\eDy\AppData\Roaming\Xfire
    2008-09-12 13:34 --------- d-----w C:\Users\eDy\AppData\Roaming\uTorrent
    2008-09-12 11:57 --------- d-----w C:\ProgramData\Xfire
    2008-09-11 19:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-10 15:10 --------- d-----w C:\Program Files\Common Files\Steam
    2008-09-09 21:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-09-08 00:15 --------- d-----w C:\Users\eDy\AppData\Roaming\mIRC
    2008-09-07 20:58 --------- d-----w C:\Users\eDy\AppData\Roaming\LimeWire
    2008-09-07 20:35 --------- d-----w C:\Program Files\mIRC
    2008-09-07 13:31 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 13:30 --------- d-----w C:\Program Files\Fraps
    2008-09-04 16:10 --------- d-----w C:\Program Files\Xfire
    2008-09-03 21:34 --------- d-----w C:\Program Files\Electronic Arts
    2008-09-03 12:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-08-30 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-30 21:07 --------- d-----w C:\Program Files\Winamp
    2008-08-18 17:26 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 17:49 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 11:51 --------- d-----w C:\Program Files\ATI
    2008-08-10 12:05 --------- d-----w C:\ProgramData\Codemasters
    2008-08-10 12:01 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-08-10 12:01 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-08-10 12:01 --------- d-----w C:\Program Files\OpenAL
    2008-08-09 18:45 --------- d-----w C:\ProgramData\Apple
    2008-08-09 18:45 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 22:50 --------- d-----w C:\ProgramData\Symantec
    2008-08-02 13:58 --------- d-----w C:\Program Files\Boris FX, Inc
    2008-07-31 17:17 --------- d-----w C:\Program Files\VASST
    2008-07-31 17:15 --------- d-----w C:\Program Files\Sonic Foundry
    2008-07-31 17:15 --------- d-----w C:\Program Files\DebugMode
    2008-07-31 07:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
    2008-07-31 07:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
    2008-07-31 07:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-30 14:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 14:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 14:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-27 23:45 --------- d-----w C:\Users\eDy\AppData\Roaming\Hamachi
    2008-07-27 10:27 --------- d-----w C:\Program Files\LimeWire
    2008-07-26 11:52 --------- d-----w C:\Program Files\DC++
    2008-07-26 10:04 --------- d-----w C:\Program Files\uTorrent Acceleration Tool
    2008-07-26 10:03 --------- d-----w C:\Program Files\LimeWire(2)
    2008-07-24 09:40 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-07-24 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-23 10:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-07-23 10:44 --------- d-----w C:\Users\eDy\AppData\Roaming\teamspeak2
    2008-07-23 00:38 --------- d-----w C:\Program Files\Bonjour
    2008-07-23 00:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-07-21 23:50 --------- d-----w C:\Users\eDy\AppData\Roaming\Winamp
    2008-07-21 21:38 --------- d-----w C:\Program Files\Audacity
    2008-07-21 17:00 --------- d-----w C:\ProgramData\TrackMania United
    2008-07-21 11:35 --------- d-----w C:\Program Files\TrackMania United
    2008-07-20 20:31 --------- d-----w C:\Program Files\IDoser v4
    2008-07-18 03:33 --------- d-----w C:\ProgramData\TrackMania
    2008-07-16 12:48 --------- d-----w C:\ProgramData\WindowsSearch
    2008-07-16 10:36 --------- d-----w C:\ProgramData\River Past G5
    2008-07-12 05:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
    2008-07-12 05:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
    2008-07-12 05:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
    2008-07-09 18:30 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-07-09 18:27 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-19 20:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-19 20:31 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-19 18:43 174 --sha-w C:\Program Files\desktop.ini
    2008-06-19 15:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-19 15:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-13 10:52 6,183,456 ----a-w C:\Windows\RtHDVCpl.exe
    2008-05-12 12:40 22,328 ----a-w C:\Users\eDy\AppData\Roaming\PnkBstrK.sys
    2008-01-29 18:10 47,360 ----a-w C:\Users\eDy\AppData\Roaming\pcouffin.sys
    2008-01-26 12:05 81,920 ----a-w C:\Users\eDy\AppData\Roaming\ezpinst.exe
    2007-12-23 22:35 808,448 --sh--r C:\Windows\odbconf.exe
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-13 12:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    2008-03-13 12:37 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-05-20 10:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080519\index.dat
    2008-05-26 10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
    2008-05-26 10:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
    2008-05-27 10:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
    2008-05-28 10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
    2008-05-30 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
    2008-06-01 10:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060120080602\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-12_21.27.14.61 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-09-12 17:04:04 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-09-13 09:48:17 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-09-12 17:03:52 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-09-13 09:49:06 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-09-12 18:08:42 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-13 11:00:21 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-12 18:08:42 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-13 11:00:21 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-12 18:08:42 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-13 11:00:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-12 18:15:55 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-13 11:34:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-13 11:34:00 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-06-09 22:21:01 135,168 ----a-w C:\Windows\System32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-06-09 22:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
    + 2008-06-09 23:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
    - 2008-09-12 17:04:08 13,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    + 2008-09-12 18:53:34 14,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    - 2008-09-12 17:04:07 78,206 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-12 21:49:56 78,272 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-09-12 11:51:37 59,492 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-13 09:49:44 59,840 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 C:\Windows\RtHDVCpl.exe]

    C:\Users\eDy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-13 557568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "UpdatesDisableNotify"="0x00000000"
    "AntiVirusDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6DE4EF4D-504D-414B-B1BD-EA857B9B8EA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{D26A1AB5-3DC8-41EC-BE73-E60A14C89BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{0F14D24A-D0E7-43D8-9718-D0DFA8336490}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{AEAA3492-DAF6-429D-966D-3C14705A9575}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{9F75219E-E733-4560-9EEB-AF6F3B8045D1}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{9F5140EC-EA46-4050-A949-77C6675A0AAA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{798DB3DE-D704-42B5-82D5-AABD5BC5806E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{80DAF794-CF15-4783-B4B7-7BDB0A3D96A4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3AD1C762-6D2F-4F9E-AC3F-64D794BDB041}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{12F5DA58-918C-4739-99EE-39E5ABD9604C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5FF56F9D-7148-4B88-8E55-881FD36E119D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{41D88386-1868-4B7B-AE1B-6224121BB070}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{AAA1AC87-95D1-4A5E-9E84-B89E03817C0C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{3E6B9D4F-CBFB-41A0-97A9-08E2B7519B7F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{5B95B573-C6C8-4FB8-B4CE-181F77E62F22}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{E62A8DF0-5B32-4F7E-8C57-BE0C778D0BB3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "UDP Query User{F33B5F75-0BEB-48D4-AB5B-75960117A640}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "TCP Query User{3E11A1C9-94ED-4E30-B37E-F2A4CF4C9AF2}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= UDP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "UDP Query User{187EAD21-5932-47CE-BB51-4DA8614789B6}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= TCP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "TCP Query User{CAA333D1-670A-42CA-BAF5-19351043585A}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "UDP Query User{547E73C9-8561-4BC6-AF97-0EAE0A405858}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "TCP Query User{A2BDBE65-7DD8-4F50-BBFA-67BA538B1D50}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{46736481-5D1C-46F0-BF0C-1785D9DA44C0}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{1724A2D6-38C2-46E6-8A1E-CE9655A9905B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{9891D4A0-A8C9-4EED-A1E6-CD7A7769E72D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{9F4BC339-CBD5-406C-8442-D2D91F2126F4}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "UDP Query User{FCA40045-0385-4845-B2C0-DE8EFECE0362}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "TCP Query User{270DEB84-E739-47E0-8BE2-61037403BC36}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{BCD5039E-D69D-4E7C-BDB0-FF0CBFA8F70E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "{FB4D5CBA-10FC-4F29-9679-2D161465CBD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{52BBAB77-A961-4605-BF39-308CA8F42726}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "UDP Query User{3D046931-D84E-4957-8E5A-8C613D7A99AB}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "TCP Query User{9F1CFA65-E334-4CB3-8771-D30ED9DEA41E}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "UDP Query User{4141FADE-38D6-425B-90CA-D5F51C7414CE}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "TCP Query User{FEC3BB70-064E-4818-B824-89B0B9B459A4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
    "UDP Query User{75093C78-3FB3-4170-AF31-FB94A800E8A8}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
    "TCP Query User{FDC87E98-388D-40B3-80D6-26CC29409717}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "UDP Query User{0F6A8421-C83E-4A62-BB1C-2394577CFB02}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "TCP Query User{62334EED-A011-4A3C-9852-F403B295891A}C:\\windows\\system32\\rxbot2.exe"= UDP:C:\windows\system32\rxbot2.exe:rxbot2
    "UDP Query User{EC9EF5C7-2A8E-4348-961A-A092886AAD8F}C:\\windows\\system32\\rxbot2.exe"= TCP:C:\windows\system32\rxbot2.exe:rxbot2
    "TCP Query User{957C8E02-2BE8-4A2B-9A1F-810AAEC206E5}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{0DB1F23A-B03B-4943-9A5C-323AC36C109E}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "TCP Query User{44C1870D-5475-411A-BFB2-E8646DA5F3CD}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "UDP Query User{FE173293-B7B2-4446-8604-2DCD233B49C4}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "TCP Query User{DA206DEC-5B07-4992-AD1F-120922B7B68F}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{087B9389-EAB2-4C2B-961E-AD3A937BE263}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "{B540D59B-B442-47DE-959C-D1D403CFDD71}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{185E76E3-870F-4457-BE2D-6E1A819E1B70}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{598CEE78-B17D-4541-BD4A-5731314BCA0D}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{C6BA753F-6DFD-48B0-B223-EC7C144A286C}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{63ED93EE-A909-486F-9D90-18D356C4A6B2}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "UDP Query User{AC32CB46-527A-49D9-860B-136C61474967}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "TCP Query User{EF148274-31E4-4DC6-AB35-50687970A7A4}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{F2D28122-7122-4D37-8C3E-A34AF0A8F105}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{64F11094-F81F-4CBA-B4CC-46FA11BE6DCD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "UDP Query User{5900BE55-CD12-4C79-8892-C39D9EAAF8DD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "TCP Query User{C7AE8A31-3B66-47FF-8D36-C0D6D945AF8C}C:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "UDP Query User{81EDF152-C02D-481D-A374-AD6EC7F06F85}C:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "TCP Query User{B5165048-77AC-4CDD-8F1F-D2184E0B5127}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= UDP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "UDP Query User{1FF480FE-9D76-41B5-ADA9-D06BBD323C73}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= TCP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "{6D10385D-F158-429E-869D-CA6DC8A4686B}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{A98DDC02-7B32-4973-B34B-E083BA9AAF15}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{D6D09900-76C4-4C3A-8E39-5D05EBC74E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{955F1414-05D1-426A-A663-9F68DD06A8DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{E6FC0035-7F98-4C06-9D0E-D95E595B8E6C}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{E5A6D4C8-58DB-4CDD-988F-5DB0DA7CA99F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{10F1FF13-7399-4362-818F-9B37EA841F90}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{DA3B9536-18ED-4B9C-ABEF-43885DCFE724}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{6E382DEC-44BF-41FA-AA27-332099A38221}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{1FD3E02A-AA52-417B-AF28-3033268A4B75}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{AA0A43B3-F79B-4D73-A6EF-F6E214ED42FA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{1526C467-66B4-420A-992B-B527E7246308}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{0099635C-4701-4D06-938E-952D22D096FD}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= UDP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{714D4099-F9F3-4EAF-B034-BBA0E91171CE}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= TCP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "TCP Query User{CFB10CFF-CBD6-4C5C-9D1D-C51643D8C6D9}C:\\program files\\id software\\quake 4\\quake4ded.exe"= UDP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "UDP Query User{5AFE1615-C6B5-4F30-AF7B-DC0C5BC5BDED}C:\\program files\\id software\\quake 4\\quake4ded.exe"= TCP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "{35CDD6A8-35E4-49A9-8591-B857824DF2A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1046B40D-12A5-49C7-8550-C977653B20A8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{BE9F02C3-9306-46D1-80C0-BF3880E45AF8}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{77628A07-FB76-42BD-811F-85AA6B12F47F}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{AB3C9EB8-3396-4A91-B823-C61AAC4932F9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{60F9669C-AE0F-4B71-87C4-D239F8207E7D}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{AA89A1F9-6571-4D0F-B289-314351F46CB1}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-22 554616]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 43520]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 37936]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-10 92656]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\OblivionLauncher.exe

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Users\eDy\AppData\Roaming\Mozilla\Firefox\Profiles\q2prvqpp.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - afterdawn.fi
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-13 14:40:00
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-13 14:43:29
    ComboFix-quarantined-files.txt 2008-09-13 11:43:17
    ComboFix2.txt 2008-09-12 18:28:24

    Pre-Run: 229,687,013,376 tavua vapaana
    Post-Run: 229,700,435,968 tavua vapaana

    373 --- E O F --- 2008-09-11 19:46:27


    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:44, on 2008-09-13
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9193 bytes
     
  9. EDYSTERi

    EDYSTERi Member

    Now it's removed and the quarantines are emptied. I could also pay to renew that Norton sometime.
     
  10. Hujo

    Hujo Guest

    Delete the folder

    C:\Program Files\MicroAV

    ==============

    Right, or lighten the antivirus,
    for example to a free one, with a free firewall for it.
     
    Last edited by a moderator: 13.09.2008
  11. EDYSTERi

    EDYSTERi Member

    Oh look, there was one of those too. Well, now it's deleted.
     
  12. Hujo

    Hujo Guest

    All right, so how is the machine running?
     
  13. EDYSTERi

    EDYSTERi Member

    It's running fine, thanks a lot for the help. Physical memory is at 80 % usage all the time though, but that's probably down to Vista's own stuff again.
     
  14. Hujo

    Hujo Guest

    How much RAM does the machine have?
     
  15. EDYSTERi

    EDYSTERi Member

    1 GB apparently, I actually thought it was 512 =D
     
  16. Hujo

    Hujo Guest

    You could bump that up to 2 GB and put a lighter antivirus on the machine, with a firewall to go with it.

    It would run faster.
     
  17. EDYSTERi

    EDYSTERi Member

    Yeah, I've been meaning to bump the size up a bit, just haven't gotten around to it yet. I'll have to consider switching the antivirus too.
     
  18. Hujo

    Hujo Guest

    A free antivirus does the same job as a paid one, and the bug will come from the net anyway if it's going to come.
     
  19. EDYSTERi

    EDYSTERi Member

    Yep, and I have no idea where this virus came from either.
     
  20. Hujo

    Hujo Guest

    The machine had everything from Vundo to Smitfraud and other malware .. and then their friends had joined the party as well.
     
  21. EDYSTERi

    EDYSTERi Member
