Bubnix.AU valtas koneen

Hekza · Sep 12, 2010

Minulla on jo tämä sama aihe virustorjunta.net sivustolla mutta siellä tuntuu vastaaminen kestävän todella kauan ja minusta tuntuu että nyt on aika vakavakin virus kyseessä :/

Eset smart security rupes yhtäkkiä hälyttämää jostain bubnix.au:sta ja sitä tuntuu olevan joka paikassa system32/drivers osiolla.. ja eset ei voi sille mitään tehä. tartunnan saaneiden kohteiden määrä 476. voisko joku auttaa pikaisesti Sad

HJT logi

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:40:12, on 11.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Documents and Settings\Käyttäjä\Työpöytä\Core Temp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Inter net Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\Käyttäjä\Työpöytä\Core Temp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: monmvr32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resource...pld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...2067607
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwa...ash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8998 bytes

ietokantaversio: 4523

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.9.2010 22:21:05
mbam-log-2010-09-11 (22-21-05).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistettuja kohteita: 252087
Kulunut aika: 36 minuutti(a), 39 sekunti(a)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita kansioita: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Ei haitallisia kohteita)

Saastuneita muistimoduuleja:
(Ei haitallisia kohteita)

Saastuneita rekisteriavaimia:
(Ei haitallisia kohteita)

Saastuneita rekisteriarvoja:
(Ei haitallisia kohteita)

Saastuneita rekisterikohteita:
(Ei haitallisia kohteita)

Saastuneita kansioita:
(Ei haitallisia kohteita)

Saastuneita tiedostoja:
C:\Documents and Settings\Käyttäjä\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Käyttäjä\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.

Hekza · Sep 12, 2010

kalmineeeen apuva

poistin entiset javat ja latasin uusimman

kalminen · Sep 12, 2010

.
Toivottavasti bubnix.au ei ole oikea rootKitt

Tässä ohjeet kuinka System Restore (Järjestelmän palautuspiste) sammutetaan. Windows XP:ssä
(System Volume Information)

1 Klikkaa hiiren oikealla napilla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
2 Valitse Properties/ominaisuudet (Järjestelmä)
3 Valitse System Restore/järjestelmän palauttaminen välilehti
4 Laita ruxi "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa
5 Paina Apply/käytä
6 Paina OK
7 Käynnistä Tietokoneesi uudelleen

*****************

Paina napit Ctrl + Sift ja Esc pohjaan jolloin
avautuu Tehtävien hallinta / Task Manager ohjelma.
Klikkaa Prosessit välilehti auki.
Alareunasta laitat Näytä kaikkien käyttäjien prosessit
päälle ja sieltä =>

monmvr32.exe

Klikkaa riviä hiiren oikeallanapilla ja valitset Lopeta prosessi
Poistu ohjelmasta.

Mene Käynnistä => Kaikkiohjelmat => Käynnistys
Siellä hiiren oikealla napilla => monmvr32.exe poista.

----------------------------------------------------------------

Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

Linkki 3

* TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.
(ei palomuuria)
* Tuplaklikkaa Combofix.exe ja noudata ohjeita.

* Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

* Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

**Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.

Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:

Klikkaa Kyllä jatkaaksesi skannausta.

Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi:

Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

Jos tarvitset apua, katso yksityiskohtaisempi ohje:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

=> C:\ComboFix.txt
Uusi HijackThis-loki

Jos löydetään ja saadaan se pois, niin ilmoita
VT:lle etteivä ala tekemään turhaa työtä.

Hekza · Sep 12, 2010

hups tuli kahesti

Hekza · Sep 12, 2010

ComboFix 10-09-11.03 - Käyttäjä 12.09.2010 17:30:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2047.1451 [GMT 3:00]
Sijainti: c:\documents and settings\Käyttäjä\Työpöytä\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852F5054-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8539567C-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85894C1C-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859463CC-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859A28CC-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C8F6DC-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85CB3DDC-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D1F96C-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DDCA74-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F17D44-FFA4-00D1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861A2794-FFA4-00D1-0D24-347CA8A3377C}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESETin henkilökohtainen palomuuri *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Virustorjunnan taustasuojaus on päällä

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2010-08-12 to 2010-09-12 )))))))))))))))))
.

2010-09-12 14:20 . 2010-09-12 14:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-09-12 14:13 . 2010-09-12 14:32 -------- d-----w- c:\windows\LastGood
2010-09-12 12:50 . 2010-09-12 12:50 -------- d-----w- c:\program files\Common Files\Java
2010-09-12 12:50 . 2010-09-12 12:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-12 08:25 . 2010-09-12 08:26 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-11 18:39 . 2010-09-11 18:39 -------- d-----w- c:\program files\Trend Micro
2010-09-11 18:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-11 18:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-11 18:26 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-09-11 18:26 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-09-11 18:26 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-09-11 18:26 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-09-11 17:27 . 2010-09-11 17:27 -------- d-----w- c:\program files\uTorrent
2010-09-08 14:13 . 2010-09-08 14:13 -------- d-----w- c:\program files\Mumble
2010-09-07 15:03 . 2010-09-07 15:03 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-07 15:01 . 2010-09-07 14:58 36414944 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_2.5.8EN.exe
2010-09-07 14:59 . 2010-09-07 14:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
2010-09-07 14:59 . 2010-09-07 14:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
2010-09-07 14:59 . 2010-09-07 14:59 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
2010-09-01 15:47 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 15:47 . 2010-09-01 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-01 15:47 . 2010-09-01 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 15:47 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 18:22 . 2010-09-03 12:53 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 14:34 . 2010-09-12 14:34 0 ----a-w- c:\windows\system32\drivers\SET7C.tmp
2010-09-12 14:34 . 2006-03-02 12:00 758272 ----a-w- c:\windows\system32\drivers\Sfloppy.sys
2010-09-12 14:27 . 2010-09-12 14:27 16 ----a-w- c:\documents and settings\LocalService\Application Data\apiqfw.dat
2010-09-12 14:08 . 2007-08-01 17:40 -------- d-----w- c:\program files\mIRC
2010-09-12 14:08 . 2010-01-17 15:32 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix MP TEST
2010-09-12 12:54 . 2006-12-31 16:43 -------- d-----w- c:\program files\CCleaner
2010-09-11 18:26 . 2010-09-11 18:26 16 ----a-w- c:\documents and settings\Default User\Application Data\apiqfw.dat
2010-09-07 16:24 . 2007-11-22 12:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-07 16:22 . 2010-02-03 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-09-07 16:21 . 2007-12-06 22:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-07 16:20 . 2006-12-31 16:49 -------- d-----w- c:\program files\Lavalys
2010-09-07 16:19 . 2006-12-25 23:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 15:03 . 2009-01-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-09-07 15:03 . 2009-01-08 16:29 -------- d-----w- c:\program files\DIFX
2010-09-07 15:02 . 2009-01-08 15:36 -------- d-----w- c:\program files\Nokia
2010-09-07 15:01 . 2009-01-08 15:36 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-31 16:42 . 2007-05-30 13:51 -------- d-----w- c:\program files\SpywareBlaster
2010-08-28 20:15 . 2006-03-02 12:00 82860 ----a-w- c:\windows\system32\perfc00B.dat
2010-08-28 20:15 . 2006-03-02 12:00 412792 ----a-w- c:\windows\system32\perfh00B.dat
2010-08-28 20:14 . 2007-12-01 22:45 69232 ----a-w- c:\documents and settings\Tanja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 16:36 . 2010-07-13 05:46 -------- d-----w- c:\program files\MSECache
2010-08-17 16:57 . 2009-09-15 18:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-09 11:46 . 2010-04-04 17:43 -------- d-----w- c:\documents and settings\Tanja\Application Data\uTorrent
2010-08-07 11:37 . 2008-06-16 13:05 -------- d-----w- c:\documents and settings\Tanja\Application Data\vlc
2010-06-30 12:32 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:26 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1852160 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 13:53 . 2010-06-18 13:53 50354 ----a-w- c:\documents and settings\Tanja\Application Data\Facebook\uninstall.exe
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\documents and settings\Käyttäjä\Työpöytä\Core Temp.exe" [2009-08-05 378384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-03-16 251904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\K„ytt„j„\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
monmvr32.exe [2008-4-14 32256]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 8:24 735960]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys [?]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [6.1.2010 17:46 31744]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [21.9.2009 18:24 22784]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [27.4.2010 21:37 5760]
S3 cpuz130;cpuz130;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\cyusb.sys [21.9.2009 18:24 38528]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\ec168bda.sys [17.10.2007 14:50 107904]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\NIO252.tmp --> c:\docume~1\KYTTJ~1\LOCALS~1\Temp\NIO252.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2007 19:42 717296]

--- Muut muistissa olevat ajurit/palvelut ---

*Deregistered* - Sfloppy
.
'Ajoitetut tehtävät'-kansion sisältö

2008-03-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8198145598.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{FA9D2CCE-E59C-43AE-8350-3BCC8E2EC672}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 01:31]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\2qps1ngx.default\
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - component: c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\2qps1ngx.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\2qps1ngx.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOXIN KÄYTÄNNÖT ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 17:33
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\NIO252.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy]

.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,ce,54,42,50,35,bd,50,28,bf,fd,9b,1e,0b,c8,09,c9,1f,3d,73,ca,
1a,7f,3c,06,47,71,8a,01,39,e5,85,d9,bf,75,77,5d,0a,79,c0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ce60a86a-02b6-4868-b610-8d929aaa0851}]
@Denied: (Full) (Everyone)
"Model"=dword:00000067
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,47,92,bc,76,bd,07,62,17,4d,3e,0b,36,a5,5f,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2010-09-12 17:35:43
ComboFix-quarantined-files.txt 2010-09-12 14:35

Ennen ajoa: 182 441 828 352 tavua vapaana
Ajon jälkeen: 184 673 902 592 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 585584A5134F899131864B598EC554DE

Kiitos nopeasta vastauksesta En ymmärrä tota avira hommaa, ei tässä koneella pitäs olla asennettuna sitä. Joo pitää ilmoittaa sinne jos saadaan tämä kuntoon. Hjt logi:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:57, on 12.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Käyttäjä\Työpöytä\Core Temp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\Käyttäjä\Työpöytä\Core Temp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: monmvr32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167092067607
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8711 bytes

Nii ja en löytänyt tuota monmvr32:sta

kalminen · Sep 12, 2010

.
Tuntuu olevan aika sotkussa.

Aja rekisterin siivous =>

Lataus ja siivous ohjeet: TÄÄLLÄ

----------------------------------------------------------

* Lataa OTM by OldTimer.
* Tallenna se työpöydällesi.
* Tuplaklikkaa OTM.exe käynnistääksesi sen.
* Kopioi (CTRL+C) alla olevasta laatikosta kaikki teksti.
Code:
:Processes
explorer.exe
:files 
c:\documents and settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\monmvr32.exe
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
* Palaa takaisin OtmoveIt3, paina oikeanpuoleista hiiren nappia Paste Instructions for Items to be Move-ikkunassa (Keltaisen palkin alla) ja paina Liitä.
* Paina punaista MoveIt! -nappia.
* Kopioi (CTRL+C) ja liitä (CTRL+V) Results-ikkunaan (Vihreän palkin alla) tullut teksti seuraavaan viestiisi.
* Sulje OTM.

Jos jotain tiedostoa/kansiota ei voitu siirtää heti, ohjelma ehdottaa koneen uudelleenkäynnistystä. Vastaa ehdotukseen Yes, jolloin OtMoveIt käynnistää koneesi uudelleen.

*********************************************************

Lataa SystemLook by. jpshortstuff TÄÄLTÄ. ja tallenna se työpöydälle.

Tupla-klikkaa SystemLook.exe ajaaksesi sen.

Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti, tekstialueeseen.
Code:
:regfind
Avira AntiVir
852F5054-FFA4-00D1-0D24-347CA8A3377C

:filefind 
data.dat
monmvr32.exe

:dir
C:\WINDOWS\system32\drivers\etc /s
Klikkaa nappulaa Look aloittaaksesi skannauksen.

Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot
Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki"
Kopio ja liitä se seuraavaan viestiisi.
(Loki löytyy myös työpöydältäsi nimellä SystemLook.txt)

*******************************************************************

* Lataa TÄSTÄ random's system information tool (RSIT) by random/random ja tallenna se työpöydälle
* Tuplaklikkaa RSIT.exeä ajaaksesi RSITin.
* Klikkaa Continue.
* Kun RSIT on valmis, kaksi lokia avautuu muistioon. Lähetä sekä

-----------------------------------------------------------------

Lähetä =>
log.txt:n (<<avautuu suurennettuna) että
info.txt:n (<<avautuu pienennettynä) sisältö seuraavassa viestissäsi.
OTMoveIt logi.
SystemLook.txt

Hekza · Sep 12, 2010

Logfile of random's system information tool 1.08 (written by random/random)
Run by Käyttäjä at 2010-09-12 18:40:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 176 GB (74%) free of 238 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:50, on 12.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Käyttäjä\Työpöytä\SystemLook.exe
C:\Documents and Settings\Käyttäjä\Työpöytä\RSIT.exe
C:\Program Files\trend micro\Käyttäjä.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167092067607
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7977 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1198145598.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FA9D2CCE-E59C-43AE-8350-3BCC8E2EC672}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader -linkkiavustaja - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Liven kirjautumisapuohjelma - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-09-11 2054360]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2010-03-16 251904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:EnablednkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-09-12 18:40:26 ----D---- C:\rsit
2010-09-12 18:36:36 ----D---- C:\WINDOWS\LastGood
2010-09-12 18:34:58 ----SHD---- C:\RECYCLER
2010-09-12 18:34:52 ----D---- C:\_OTM
2010-09-12 17:35:43 ----A---- C:\ComboFix.txt
2010-09-12 17:29:48 ----A---- C:\Boot.bak
2010-09-12 17:29:44 ----RASHD---- C:\cmdcons
2010-09-12 17:14:21 ----A---- C:\WINDOWS\zip.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\SWSC.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\SWREG.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\sed.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\PEV.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\MBR.exe
2010-09-12 17:14:21 ----A---- C:\WINDOWS\grep.exe
2010-09-12 17:14:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-12 17:09:10 ----D---- C:\Qoobox
2010-09-12 15:50:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-12 15:50:21 ----D---- C:\Program Files\Common Files\Java
2010-09-12 15:50:04 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-12 15:50:04 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-12 15:50:04 ----A---- C:\WINDOWS\system32\java.exe
2010-09-12 15:50:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-12 11:25:12 ----D---- C:\Program Files\Windows Live Safety Center
2010-09-11 21:39:45 ----D---- C:\Program Files\Trend Micro
2010-09-11 21:26:56 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-09-11 21:26:55 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys.bak
2010-09-11 21:26:55 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-09-11 21:26:34 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-09-11 20:27:02 ----D---- C:\Program Files\uTorrent
2010-09-08 17:14:43 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\Mumble
2010-09-08 17:13:42 ----D---- C:\Program Files\Mumble
2010-09-07 18:03:33 ----D---- C:\Program Files\PC Connectivity Solution
2010-09-01 18:47:51 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\Malwarebytes
2010-09-01 18:47:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-01 18:47:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-01 18:47:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-01 18:47:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-25 21:22:38 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 1 months======

2010-09-12 18:40:26 ----D---- C:\WINDOWS\Prefetch
2010-09-12 18:40:17 ----D---- C:\WINDOWS\system32\drivers
2010-09-12 18:37:06 ----D---- C:\WINDOWS\Temp
2010-09-12 18:36:36 ----D---- C:\WINDOWS
2010-09-12 18:36:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-12 18:35:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-12 18:34:58 ----D---- C:\WINDOWS\system32
2010-09-12 18:33:04 ----D---- C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
2010-09-12 17:47:54 ----D---- C:\Program Files\mIRC
2010-09-12 17:34:39 ----D---- C:\WINDOWS\ERDNT
2010-09-12 17:33:45 ----N---- C:\WINDOWS\system.ini
2010-09-12 17:33:40 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-12 17:31:44 ----D---- C:\WINDOWS\AppPatch
2010-09-12 17:31:43 ----D---- C:\Program Files\Common Files
2010-09-12 17:29:48 ----RASH---- C:\boot.ini
2010-09-12 17:28:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-12 17:14:20 ----SHD---- C:\System Volume Information
2010-09-12 17:14:20 ----D---- C:\WINDOWS\system32\Restore
2010-09-12 16:01:09 ----D---- C:\Program Files
2010-09-12 15:54:35 ----D---- C:\WINDOWS\Minidump
2010-09-12 15:54:35 ----D---- C:\WINDOWS\Debug
2010-09-12 15:54:29 ----D---- C:\Program Files\CCleaner
2010-09-12 15:50:22 ----SHD---- C:\WINDOWS\Installer
2010-09-12 11:26:55 ----HD---- C:\WINDOWS\inf
2010-09-12 11:25:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-12 10:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-09-12 00:02:23 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\vlc
2010-09-11 22:52:24 ----D---- C:\WINDOWS\system32\config
2010-09-11 21:31:58 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\uTorrent
2010-09-11 21:24:23 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\dvdcss
2010-09-09 18:32:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-09 18:06:35 ----D---- C:\Program Files\Mozilla Firefox
2010-09-08 21:07:36 ----D---- C:\Temp
2010-09-08 17:13:47 ----D---- C:\WINDOWS\WinSxS
2010-09-07 19:24:37 ----D---- C:\Documents and Settings\Käyttäjä\Application Data\SUPERAntiSpyware.com
2010-09-07 19:24:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-07 19:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-09-07 19:21:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-09-07 19:20:40 ----D---- C:\Program Files\Lavalys
2010-09-07 19:19:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-07 18:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-09-07 18:03:40 ----D---- C:\Program Files\DIFX
2010-09-07 18:03:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-07 18:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-07 18:02:52 ----D---- C:\Program Files\Nokia
2010-09-07 18:01:57 ----D---- C:\Program Files\Common Files\Nokia
2010-09-07 18:00:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-06 16:37:32 ----D---- C:\Program Files\Windows Media Player
2010-08-31 19:42:22 ----D---- C:\Program Files\SpywareBlaster
2010-08-28 23:15:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-25 21:22:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-25 17:02:54 ----A---- C:\WINDOWS\ODBC.INI
2010-08-24 17:58:53 ----RSD---- C:\WINDOWS\Fonts
2010-08-23 19:36:59 ----D---- C:\Program Files\MSECache
2010-08-22 16:18:39 ----A---- C:\AILog.txt
2010-08-14 22:01:21 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-14 22:01:07 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-09-11 55768]
R1 intelppm;Intel-suoritinohjain; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 kbdhid;Näppäimistön HID-ohjain; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WS2IFSL;Windows Socket 2.0:n tukiympäristö ei-IFS-järjestelmiä varten; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-26 278984]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-09-11 135048]
R2 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-26 25416]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2008-05-15 171520]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HDAudBus;Microsoft UAA -väyläohjain (High Definition Audio); C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 mouhid;Hiiren HID-ohjain; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-05 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vHidDev;Razer Gaming Device; C:\WINDOWS\system32\DRIVERS\vHidDev.sys [2009-12-21 5760]
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\ALSysIO.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 CYUSB;Cypress Generic USB Driver; C:\WINDOWS\System32\Drivers\CYUSB.sys [2009-08-10 38528]
S3 EC168BDA;EC168BDA service; C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-10-17 107904]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\NIO252.tmp []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink -muunnin; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER -luokka; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-massamuistiohjain; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-11-24 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 Bonjour Service;Bonjour-palvelu; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-27 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-09-11 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Windows Media Playerin verkkojakamispalvelu; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-15 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-09-12 18:40:53

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.2.4 - Suomi-->MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A82000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AMD Dual-Core Optimizer-->MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x4954
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI-ohjelmiston poisto-ohjelma-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
CPUID HWMonitor 1.15-->"C:\Program Files\CPUID\HWMonitor\unins000.exe"
Day of Defeat: Source-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/300
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EVEREST Ultimate Edition v5.30-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Half-Life 2: Deathmatch-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/340
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp psc 1100 series-->MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
HP valokuva- ja kuvankäsittelyohjelma 2.0 - hp psc 1100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One Ohjain-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
ifolor Designer-->C:\Program Files\ifolor\Designer21\FI\Uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
My Horse and Me-->"C:\Program Files\InstallShield Installation Information\{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}\setup.exe" -runfromtemp -l0x0409 -removeonly
My Horse and Me-->MsiExec.exe /I{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_fin.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Nokia Software Updater-->MsiExec.exe /X{4ECA710C-B818-4751-A3B8-42C2D93922A8}
On2 VP3 Video for Windows Codec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PC Connectivity Solution-->MsiExec.exe /I{089DD780-DB3F-4CDB-A0C2-111360247298}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Päivitys Windows Internet Explorer 8:lle (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Päivitys Windows Internet Explorer 8:lle (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Päivitys Windows Internet Explorer 8:lle (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Päivitys Windows Internet Explorer 8:lle (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Razer DeathAdder(TM) Mouse-->C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Soldier of Fortune II - Double Helix MP TEST-->C:\PROGRA~1\SOLDIE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~1\Uninstall\Install.log
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0xb -removeonly
Speccy-->"C:\Program Files\Speccy\uninst.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suojauspäivitys ohjelmistolle Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 8:lle (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 10:lle (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 9:lle (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Suojauspäivitys Windows XP:lle (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
The Sims 2 - Kauppa auki-->C:\Program Files\EA GAMES\The Sims 2 - Kauppa auki\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x000b -removeonly
TV Jukebox 3.0-->C:\Program Files\InstallShield Installation Information\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}\Setup.exe -runfromtemp -l0x000b -removeonly
Tärkeä päivitys Windows Media Player 11:lle (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB DVB-T TV Tuner Driver-->C:\Program Files\InstallShield Installation Information\{A0CD0434-C975-4E5B-989B-066CE4D35597}\setup.exe -runfromtemp -l0x040b
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Driver Package - Cypress (CYUSB) USB (06/05/2009 3.4.1.20)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\cy3664_2F3741BC7ECE3AAAE8B4CE2CACECAF4C8B39145E\cy3664.inf
Windows Driver Package - Cypress (CyUsb) USB -->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\cyusb_13860389BCE916343D6A5C65169C6F0C6BF6E3EA\cyusb.inf
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\dadder_1D206EBC9FC4C5439CDE5E133FD5DADD76F8E58F\dadder.inf
Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\danew_06A35B30EF0D1F09361DE85C357FBD4F1A78757D\danew.inf
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{9C87F6BB-75E4-4F35-8353-F5E295264E98}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{85EB1E72-4FAA-40E4-A511-DF3A9A0A4CA8}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Liven asennustyökalu-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Liven asennustyökalu-->MsiExec.exe /I{AA2BCB44-B44F-445A-A80C-E6C50218940C}
Windows Liven kirjautumisavustaja-->MsiExec.exe /I{998152E5-B605-4BBB-9853-E749AEE02B21}
Windows Liven lataustyökalu-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Liven sähköposti-->MsiExec.exe /I{3C1007F9-8AC4-4053-ACCA-A162D62888CE}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windowsin ohjainpaketti - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windowsin ohjainpaketti - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: ESET Smart Security 4.0
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
FW: ESETin henkilökohtainen palomuuri

======System event log======

Computer Name: PRIVATE
Event Code: 7023
Message: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
Määritettyä osaa ei löydy.

Record Number: 84175
Source Name: Service Control Manager
Time Written: 20100912154725.000000+180
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 7023
Message: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
Määritettyä osaa ei löydy.

Record Number: 84172
Source Name: Service Control Manager
Time Written: 20100912154724.000000+180
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 7023
Message: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
Määritettyä osaa ei löydy.

Record Number: 84169
Source Name: Service Control Manager
Time Written: 20100912154724.000000+180
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 7023
Message: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
Määritettyä osaa ei löydy.

Record Number: 84165
Source Name: Service Control Manager
Time Written: 20100912154724.000000+180
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 7034
Message: Palvelu Java Quick Starter lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa.

Record Number: 84162
Source Name: Service Control Manager
Time Written: 20100912154721.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: PRIVATE
Event Code: 11
Message: Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Virhe: Vaadittu sertifikaatti ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun tiedoston aikamerkinnän mukaan.

Record Number: 2412
Source Name: crypt32
Time Written: 20091101153724.000000+120
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 11
Message: Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä Cab-tiedostosta kohteessa; <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Virhe: Vaadittu sertifikaatti ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun tiedoston aikamerkinnän mukaan.

Record Number: 2411
Source Name: crypt32
Time Written: 20091101153724.000000+120
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 1000
Message: Virhesovellus wmplayer.exe, versio 11.0.5721.5145, moduuli ntdll.dll, versio 5.1.2600.5755, osoite 0x0001b21a.

Record Number: 2410
Source Name: Application Error
Time Written: 20091101144521.000000+120
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 1000
Message: Virhesovellus tvjukeboxv30.exe, versio 1.1.5.5933, moduuli unknown, versio 0.0.0.0, osoite 0x0034002d.

Record Number: 2353
Source Name: Application Error
Time Written: 20091024172745.000000+180
Event Type: error
User:

Computer Name: PRIVATE
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 2254
Source Name: ASP.NET 2.0.50727.0
Time Written: 20091013135523.000000+180
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

SystemLook 04.09.10 by jpshortstuff
Log created at 18:39 on 12/09/2010 by Käyttäjä
Administrator - Elevation successful

========== regfind ==========

Searching for "Avira AntiVir"
No data found.

Searching for "852F5054-FFA4-00D1-0D24-347CA8A3377C"
No data found.

========== filefind ==========

Searching for "data.dat"
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data\data.dat --a---- 11856 bytes [00:21 26/12/2006] [15:04 25/03/2007] 1DFAB602BB7C8C686CDA3DFEED237C05

Searching for "monmvr32.exe"
C:\_OTM\MovedFiles\09122010_183452\c_documents and settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\monmvr32.exe -ra-s-- 32256 bytes [12:00 02/03/2006] [16:12 14/04/2008] 47E0E590DB6125C901BD7D45A4852A18

========== dir ==========

C:\WINDOWS\system32\drivers\etc - Parameters: "/s "

---Files---
hosts --a---- 27 bytes [12:00 02/03/2006] [14:33 12/09/2010]
hosts.20080429-191258.backup -ra--c- 227607 bytes [16:12 29/04/2008] [13:32 28/02/2008]
hosts.20080429-191310.backup -ra--c- 237402 bytes [16:13 29/04/2008] [16:12 29/04/2008]
hosts.20080723-184129.backup -ra--c- 237402 bytes [15:41 23/07/2008] [16:13 29/04/2008]
hosts.20081125-213707.backup -ra--c- 256492 bytes [19:37 25/11/2008] [15:41 23/07/2008]
hosts.20090607-173642.backup -ra--c- 289332 bytes [14:36 07/06/2009] [19:37 25/11/2008]
hosts.20090811-130854.backup -ra--c- 308442 bytes [10:08 11/08/2009] [14:36 07/06/2009]
hosts.20090929-173833.backup -ra--c- 320524 bytes [14:38 29/09/2009] [10:08 11/08/2009]
hosts.20091123-145140.backup --a--c- 320524 bytes [12:51 23/11/2009] [10:08 11/08/2009]
hosts.20100223-200122.backup -ra--c- 357998 bytes [18:01 23/02/2010] [12:51 23/11/2009]
hosts.backup -ra--c- 381618 bytes [12:00 02/03/2006] [18:01 23/02/2010]
hosts.ics --a---- 433 bytes [13:26 04/04/2007] [13:29 04/04/2007]
hosts.msn --a--c- 665 bytes [15:10 01/01/2002] [12:00 02/03/2006]
lmhosts.sam --a--c- 3705 bytes [12:00 02/03/2006] [12:00 02/03/2006]
networks --a--c- 416 bytes [12:00 02/03/2006] [12:00 02/03/2006]
protocol --a---- 829 bytes [12:00 02/03/2006] [12:00 02/03/2006]
services --a---- 7151 bytes [12:00 02/03/2006] [12:00 02/03/2006]

No folders found.

-= EOF =-

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File move failed. c:\documents and settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\monmvr32.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Core Temp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\Adobe Reader Speed Launcher deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Järjestelmänvalvoja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Järjestelmänvalvoja.PRIVATE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Käyttäjä
->Temp folder emptied: 2028952 bytes
->Temporary Internet Files folder emptied: 174352 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49637105 bytes
->Flash cache emptied: 4511 bytes

User: Kõyttõjõ

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->FireFox cache emptied: 2281603 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tanja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 17090642 bytes
->FireFox cache emptied: 77603582 bytes
->Flash cache emptied: 52849 bytes

User: Vieras
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1479510 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143,00 mb

OTM by OldTimer - Version 3.1.16.0 log created on 09122010_183452

Files moved on Reboot...
c:\documents and settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\monmvr32.exe moved successfully.

Registry entries deleted on Reboot...

Siinäpä ois kaikki. kiitos kun viitsit auttaa

Hekza · Sep 12, 2010

taas tuli kahesti, ei meinaa millää lähettää aina tota vastausta

kalminen · Sep 12, 2010

.
Tämä monmvr32.exe sieltä löytyi ja on nyt pois

Hiukan selkiytyi nämä logit paisi AnttiViiri HI

---------------------------------------------------------

Teetässä odotellessasi pari jutskaa =>

Tarkistetaan koneesi rootkittien varalta RootRepealilla

* Lataa RootRepeal yhdestä seuraavista linkeistä ja tallenna työpöydällesi.
* Suora lataus (Suositeltava)
* Ensisijainen linkki
* Toissijainen linkki

* Zip -pakattu (Suositeltavaa jos hidas internet yhteys tai jos suora lataus ei toimi)

* Ensisijainen linkki
* Toissijainen linkki

* Rar -pakattu (Suositeltavaa jos hidas internet yhteys / muut eivät toimi ja pystyt purkamaan Rar tiedostoja)

* Ensisijainen linkki
* Toissijainen linkki

* Pura RootRepeal.exe pakatusta tiedostosta, jos et käyttänyt suoraa latausta.
* Avaa työpöydältäsi.
* Klikkaa välilehteä.
* Klikkaa nappia.
* Merkkaa kaikki seitsemän laatikkoa:
* Paina ok.
* Merkkaa asemasi kohdalla oleva laatikko (Yleensä C: ), ja paina Ok.
* Anna RootRepealin skannata koneesi. Skannus voi kestää.
* Skannauksen valmistuttua, paina
nappia. Tallenna raportti työpöydälle esim. RootRepeal.txt.

=> Postita tämä raportti seuraavassa viestissäsi.

kalminen · Sep 12, 2010

.
Seuraavaksi mene Käynnistä ja Suorita ikkunaan.
Kirjoita avaa laatikkoon => MRT ja OK nappia
Seuraava => täydellinen tarkastus.
Logia jos antaa.

Hekza · Sep 12, 2010

Tässä tää rootrepealin logi, haittaohjelmien poistotyökalun skannaus on vielä kesken

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/12 19:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACDEF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA602000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9ADB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Sfloppy.SYS
Image Path: C:\WINDOWS\System32\Drivers\Sfloppy.SYS
Address: 0xAD01E000 Size: 786432 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\dllcache\sfloppy.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\SET173.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\Sfloppy.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\Sfloppy.sys.bak
Status: Locked to the Windows API!

Path: C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\eset\eset smart security\updfiles\http_um18.eset.com\update.ver
Status: Size mismatch (API: 97256, Raw: 97258)

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\02\67-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\09\70-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\18\74-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\36\83-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\38\85-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\53\68-{F9ABBBFA-7D98-4D29-B94F-E419901F819B}-v653-{96A4A985-80D4-41C8-AD5F-DE31CC8277CB}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\60\84-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\64\86-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\80\94-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\86\95-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\88\88-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Tanja\Local Settings\Application Data\Microsoft\Messenger\tanettaja@hotmail.com\SharingMetadata\kirppu-91@hotmail.com\DFSR\Staging\CS{16BFEC79-E579-5D27-554F-159BA2753F76}\94\91-{F9~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x89e20580

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89e21100

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x89e20b30

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89e1fcc0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x89e1ffc0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89e209c0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89e20860

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x89e206e0

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "<unknown>" at address 0x89e1d700

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89e20420

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89e202c0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89e1fe50

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89e20150

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89e20f50

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a44a838 Size: 703

Hidden Services
-------------------
Service Name: Sfloppy
Image Path: C:\WINDOWS\system32\drivers\Sfloppy.sys

==EOF==

Hekza · Sep 12, 2010

Haittaohjelmien poistotyökalu ei löytäny mitään eikä siitä saanut mitään raporttia

kalminen · Sep 13, 2010

.
Tämä ei näy olevan kunnossa:

* Vanha HOSTS tiedosto poistetaan. Käynnistä kone vikasietotilaan => OHJE
Tämä C:\WINDOWS\system32\drivers\etc\HOSTS tiedosto pois
* Käynnistä koneesi normaalitilaan.
* Lataa HOSTS: Täältä Työpöydällesi.
* Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon.

Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt.
Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia)

Houstiin päivitykset: Täältä
Mitä HOSTS tekee: Opas Täällä

-----------------------------------------------------

Onko sulla koneella SCSI väylää käyttävää
levyasemaa asennettuna.

Tyhjennä Eset smart securityn karanteeni ja
Katso samalla minkä nininen tiedosto siellä on, jos on.
kokeile uudelleen löytääkö se enään tuota virusta.
PS. Esettikin voi olla viallinen.

Hekza · Sep 13, 2010

Hosts homma on nyt kunnossa ja tyhjennin ton karanteenin sunnuntaina, mutta eset on löytänyt samat pöpöt uudestaan. tässä ois kuvaa karanteenista:
nii ja cd asema on sata väylää käyttävä mun mielestä

Hekza · Sep 13, 2010

tyhjennin karanteenin uudestaan ja laitoin esetin tekemään täystarkistusta, katotaan löytääkö se vieläki noi samat

kalminen · Sep 13, 2010

.
Tuolla VT:n sivulla listatut virheet
Väittää Winukan Lailliset Driverit
olevan saastuneet.
Niiden mukaan sun koneesi ei pitäisi käynnistyä
eikä toimia muutenkaan.

Tuliketun kanssa on selvä rita olemassa
Avirakin näkyy olevan FF:n plugineissa, mutta
ei Winukan rekistereissä.

--------------------------------------------------------------

Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa (7) Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

Mozilla Firefox laita
ruxi täydellinen poisto.

Käynnistä koneesi uudelleen.

--------------------------------------------

Jos F-Sykerö ei löydä mitään, niin Esetille tulee lähtö.

Tarkista koneesi F-Securen online skannerilla
* Rastita I have read and accepted the license term ja paina install.

* Jos käytät firefoxia, sinua pyydetään asentamaan F-securen lisäosa. Asenna se ja valitse
"Käynnistä selain uudelleen" kun lisäosa on asennettu.
* Jos käytät Internet Exploreria, sinua pyydetään asentamaan Active X komponentti, asenna se.

* Paina Start. Sivusto lataa hetken ja F-secure Online Scanner -ikkuna aukeaa.
* Valitse My scan ja paina sen alla Show option.
* Valitse Select file types for scanning -kohtaan "all file types" ja rastita myös sen alla oleva "Scan inside compressed files (zip, rar, lzh, ...)" ja paina Ok.
* Paina Start. Ohjelma lataa tarvittavat tiedostot ja aloittaa skannauksen. Skannauksessa voi kestää jonkin aikaa.
* Kun skannaus valmis, varmista että Clean the files -kohdan merkki on kohdassa: "Automatically (recommended)" ja paina "Next".
* Kun puhdistus on suoritettu paina "Full report...". Raportti aukeaa selaimeesi. Mene raportti sivulle ja paina Ctrl ja A maalataksesi koko sivuston tekstin ja paina Ctrl ja C kopioidaksesi maalatun tekstin.

* Liitä F-securen skannaus raportti seuraavaan viestiisi painamalla Ctrl ja V vastaus kenttään.

Hekza · Sep 13, 2010

Tässäpä f-securen logi, poistan ton firefoxin myöhemmin. voin kai asentaa sen takas sitte normaalisti? mitähän toi eset sitte sekoilee oikeen ?

Tarkistusraportti
Maanantai, Syyskuu 13, 2010 19:09:35 - 20:14:55

Tietokoneen nimi: PRIVATE
Tarkistuksen tyyppi: Tarkista järjestelmä haitta-, vakoilu- ja rootkit-ohjelmien varalta
Kohde: C:\
Haittaohjelmia löytyi 3
TrackingCookie.Atdmt (vakoiluohjelma)

* Järjestelmä (Puhdistettu)

Suspicious:W32/Malware!Gemini (vakoiluohjelma)

* Järjestelmä (Puhdistettu)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\KÄYTTÄJÄ\TYÖPÖYTÄ\RSIT.EXE (Ei puhdistettu)

Tilastot
Tarkistettu:

* Tiedostot: 63389
* Järjestelmä: 3961
* Ei tarkistettu: 13

Toimenpiteet:

* Puhdistettu: 2
* Nimetty uudelleen: 0
* Poistettu: 0
* Ei puhdistettu: 1
* Lähetetty: 0

Tarkistamattomat tiedostot:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SFLOPPY.SYS
* C:\WINDOWS\SYSTEM32\DLLCACHE\SFLOPPY.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SERVICEPACKFILES\I386\SFLOPPY.SYS
* C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\SFLOPPY.SYS
* C:\DOCUMENTS AND SETTINGS\KÄYTTÄJÄ\LOCAL SETTINGS\TEMP\HSPERFDATA_KÄYTTÄJÄ\3916
* C:\DOCUMENTS AND SETTINGS\KÄYTTÄJÄ\LOCAL SETTINGS\TEMP\HSPERFDATA_KÄYTTÄJÄ\4044

kalminen · Sep 13, 2010

.
Tätä minä hiukan epäilin !!!

FireFoxissa poista kaikki lisäosat ja käynnistä tulikettu uudelleen.
Ota talteen FireFoxin:n osoitteet ja passit => TÄLLÄ
Poista Mozilla.
Kun homma on valmis lopuksi voit asentaa FF:n takaisin ja palauttaa
mozbackupilla passit ja kirjan merkit takaisin.

*****************************************************************

Laita varmuudeksi Windowsin palomuuri päälle Ohjauspanelin => Windows palomuuri kuvakkeesta.

***************************************************************

Lisää poista ohjelmalla Esetille kenkää.

Windows palomuuri riittää siksiaikaa, että saadaan
haulit himaan.

Kerrotko sitten missä mennään, niin jatketaan.

Hekza · Sep 13, 2010

Nyt on firefox poistettu ja asennettu uudelleen.
Raskinkohan mie poistaa tuota esettiä ku lisenssiä ois jälellä vielä marraskuulle ja se on toiminut jo pari vuotta ilman ongelmia ja viruksiakaan ei ole tätä ennen ollut
Nyt ei ole enää tullu hälytyksiä tuosta bubnix.au:sta. Mitähän tuo nyt sitte oikeen sekoili? Tein täys skannauksenkin esetillä eikä se löytänyt mitään. Ja kone on toiminut suht. normaalisti koko ajan. Tässä ois uusin HJT logi varalta

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:52:33, on 13.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167092067607
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7973 bytes

kalminen · Sep 13, 2010

.
Toivotaan, että homma olis rauhaantunut tähän !!!
HJT logi on aivan terveen näköinen.

---------------------------------------------------

Seuraavaksi poistamme kaikki käytetyt työkalut roskineen.

* TuplaklikkaaOTM.exe.
* Klikkaa CleanUp!.
* Valitse Yes kun kysytään "Begin cleanup Process?".
* Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
* OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

---------------------------------------------------------------------------

Käynnistä Malwarebytes => Karanteeni välileti ja tyhjennä roskat.

**********************************************************

Kirjoita windowsin käynnistävalikon suorita-kenttään Combofix /uninstall paina OK

*************************************************************

8 Laita Palautusapiste (System Restore) taas päälle => ruxsi pois ruudusta
"Turn off System Restore" => käytä => OK.

9 Mene Käynnistä => Suorita ja kopioi laatikkoon %SystemRoot%\system32\restore\rstrui.exe => OK
Laita täppi kohtaan Luo palautuspiste => Seuraava
toimi ohjeiden mukaan.

Tarkkaile konetta ja jos ongelmia ilmenee, niin laita logia tulemaan.

.

Log in or Sign up

Bubnix.AU valtas koneen

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

kalminen Regular member

Hekza Member

kalminen Regular member

Share This Page

Log in or Sign up

Bubnix.AU valtas koneen

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

Hekza Member

kalminen Regular member

Hekza Member

kalminen Regular member

Hekza Member

kalminen Regular member

Share This Page

Useful Searches