I put my log into the hijackthis.de analyzer and it found something rotten in there, and there may be something it doesn't even find. Problems: for example, restarting/shutting down takes forever... Now I need help fixing this. Here is the log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:35, on 21.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ANTEC\VFD\VFD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VFD] C:\Program Files\ANTEC\VFD\VFD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TVService - Unknown owner - F:\Media Portal\TVService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7884 bytes

1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
==========
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

ComboFix
Code:
ComboFix 08-06-20.4 - TubiJubi 2008-06-22 15:05:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1253 [GMT 3:00]
Running from: C:\Users\TubiJubi\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\winlogon.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-22 to 2008-06-22 )))))))))))))))))
.
2008-06-21 23:11 . 2008-06-21 23:11 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-21 19:06 . 2008-06-21 19:25 <KANSIO> d-------- C:\Plugins
2008-06-21 19:06 . 2008-06-21 19:25 <KANSIO> d-------- C:\Custom Characters
2008-06-21 19:06 . 2007-06-25 13:28 384,512 --a------ C:\Windows\System32\BTMIGetKey.dll
2008-06-21 19:05 . 2008-06-21 19:26 <KANSIO> d-------- C:\Program Files\HIP
2008-06-21 17:16 . 2008-06-21 17:39 <KANSIO> d-------- C:\Program Files\Team MediaPortal
2008-06-20 10:23 . 2008-06-20 10:23 1,070 --a------ C:\Windows\irremote.ini
2008-06-20 10:19 . 2008-06-20 10:19 <KANSIO> d-------- C:\Program Files\Devnz
2008-06-20 00:23 . 2007-02-19 00:11 296,960 --a------ C:\Windows\winhlp32.exe
2008-06-20 00:23 . 2007-02-19 00:11 194,560 --a------ C:\Windows\System32\ftsrch.dll
2008-06-20 00:23 . 2007-02-19 00:11 9,728 --a------ C:\Windows\System32\ftlx041e.dll
2008-06-20 00:23 . 2007-02-19 00:11 9,216 --a------ C:\Windows\System32\ftlx0411.dll
2008-06-20 00:04 . 2008-06-20 00:05 <KANSIO> d-------- C:\Program Files\RivaTuner v2.09
2008-06-19 23:42 . 2008-06-19 23:42 <KANSIO> d-------- C:\Users\TubiJubi\AppData\Roaming\TechnoTrend
2008-06-19 23:40 . 2008-06-19 23:40 <KANSIO> d-------- C:\Program Files\TechnoTrend
2008-06-19 22:56 . 2008-06-19 22:56 <KANSIO> d-------- C:\Users\All Users\NVIDIA Corporation
2008-06-19 22:56 . 2008-06-19 22:56 <KANSIO> d-------- C:\ProgramData\NVIDIA Corporation
2008-06-19 22:56 . 2006-03-29 08:50 671,744 --a------ C:\Windows\System32\DolbyHph.dll
2008-06-19 22:56 . 2006-03-29 08:51 89,088 --a------ C:\Windows\System32\atl71.dll
2008-06-19 22:56 . 2006-03-29 08:51 60,416 --a------ C:\Windows\System32\DSETUP.dll
2008-06-19 22:56 . 2006-03-29 08:49 9,856 --a------ C:\Windows\System32\drivers\pfc.sys
2008-06-19 22:56 . 2006-05-05 19:21 4,608 --a------ C:\Windows\System32\drivers\nvport.sys
2008-06-19 22:53 . 2008-06-19 22:53 <KANSIO> dr-h----- C:\$VAULT$.AVG
2008-06-19 22:39 . 2008-06-19 22:39 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-19 20:49 . 2008-06-19 20:49 <KANSIO> d-------- C:\Program Files\Task Killer
2008-06-19 20:18 . 2008-06-21 17:39 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server
2008-06-19 20:05 . 2008-06-21 17:16 <KANSIO> d-------- C:\Users\All Users\Team MediaPortal
2008-06-19 20:05 . 2008-06-21 17:16 <KANSIO> d-------- C:\ProgramData\Team MediaPortal
2008-06-19 19:48 . 2008-06-22 13:18 <KANSIO> d-------- C:\Program Files\DVBViewer
2008-06-19 19:24 . 2008-06-19 19:24 <KANSIO> d-------- C:\Users\All Users\CMUV
2008-06-19 19:24 . 2008-06-19 19:24 <KANSIO> d-------- C:\ProgramData\CMUV
2008-06-19 19:15 . 2008-03-04 15:02 421,760 --a------ C:\Windows\System32\drivers\ttBudget2.sys
2008-06-19 19:03 . 2008-06-19 19:03 <KANSIO> d-------- C:\Program Files\MFC8.0 Runtime
2008-06-19 18:35 . 2008-06-19 18:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-18 22:25 . 2008-06-18 22:25 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 12:01 . 2008-06-15 12:01 <KANSIO> d-------- C:\Program Files\ffdshow
2008-06-15 12:01 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-06-15 12:01 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-06-15 12:01 . 2008-06-12 20:37 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-06-15 12:01 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-06-14 22:29 . 2008-06-14 22:29 <KANSIO> d-------- C:\Program Files\Lavalys
2008-06-14 18:52 . 2008-06-14 21:16 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
2008-06-14 18:52 . 2008-06-14 18:52 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-06-14 18:42 . 2008-06-15 12:01 <KANSIO> d-------- C:\Program Files\DScaler5
2008-06-14 18:42 . 2008-06-14 18:42 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
2008-06-14 18:41 . 2008-06-14 18:41 <KANSIO> d-------- C:\Program Files\RealMedia
2008-06-14 18:41 . 2008-06-14 18:41 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-06-14 18:40 . 2008-06-14 18:40 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2008-06-14 18:40 . 2008-06-14 18:40 <KANSIO> d-------- C:\Program Files\Haali
2008-06-14 18:40 . 2008-06-14 18:40 <KANSIO> d-------- C:\Program Files\DSP-worx
2008-06-14 18:38 . 2008-06-14 18:38 <KANSIO> d-------- C:\Program Files\DirectVobSub
2008-06-14 18:37 . 2008-06-22 13:33 <KANSIO> d-------- C:\Program Files\Zoom Player
2008-06-14 11:24 . 2008-06-14 11:24 <KANSIO> d-------- C:\PerfLogs
2008-06-14 10:56 . 2008-06-14 10:32 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-06-14 10:56 . 2008-06-14 10:32 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-06-14 10:44 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-06-14 10:44 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-06-14 10:43 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-14 10:43 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-06-14 10:43 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-06-14 10:34 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-06-14 10:32 . 2008-06-14 10:32 0 --------- C:\Windows\SPInstall.etl
2008-06-14 02:35 . 2008-06-20 14:46 <KANSIO> d-------- C:\Users\TubiJubi\AppData\Roaming\DNA
2008-06-14 02:35 . 2008-06-22 15:04 <KANSIO> d-------- C:\Users\TubiJubi\AppData\Roaming\BitTorrent
2008-06-14 02:35 . 2008-06-14 02:35 <KANSIO> d-------- C:\Program Files\DNA
2008-06-13 22:04 . 2008-06-13 22:04 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-06-13 22:03 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-13 22:03 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-13 22:03 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-13 22:03 . 2008-01-19 10:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-13 22:03 . 2008-01-19 10:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-13 22:03 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-12 01:57 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-12 01:57 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 03:52 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 03:34 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 00:59 . 2008-06-11 00:59 <KANSIO> d-------- C:\Users\TubiJubi\AppData\Roaming\Media Player Classic
2008-06-08 22:37 . 2008-06-08 22:37 <KANSIO> d-------- C:\Users\TubiJubi\AppData\Roaming\Talkback
2008-06-08 22:37 . 2008-06-08 22:37 0 --a------ C:\Windows\nsreg.dat
2008-06-07 23:21 . 2008-06-16 18:37 <KANSIO> d-------- C:\Users\All Users\Test Drive Unlimited
2008-06-07 23:21 . 2008-06-16 18:37 <KANSIO> d-------- C:\ProgramData\Test Drive Unlimited
2008-06-01 20:17 . 2008-06-17 00:42 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-01 20:17 . 2008-06-01 21:04 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-01 20:16 . 2008-06-17 00:35 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-01 20:16 . 2008-06-17 00:35 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-05-31 16:42 . 2008-05-31 16:42 <KANSIO> d-------- C:\Program Files\Highresolution Enterprises
2008-05-30 19:25 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-30 19:25 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-05-30 19:25 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-05-30 19:25 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-05-30 19:25 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-05-30 19:25 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-30 19:05 . 2008-06-21 19:01 <KANSIO> d-------- C:\Users\All Users\PrevxCSI
2008-05-30 19:05 . 2008-06-21 19:01 <KANSIO> d-------- C:\ProgramData\PrevxCSI
2008-05-30 19:05 . 2008-05-30 19:05 <KANSIO> d-------- C:\Program Files\PrevxCSI
2008-05-30 19:05 . 2008-06-20 21:12 17,408 --a------ C:\Windows\System32\drivers\pxark.sys
2008-05-30 18:47 . 2008-05-30 18:47 <KANSIO> d-------- C:\Users\All Users\Funcom
2008-05-30 18:47 . 2008-05-30 18:47 <KANSIO> d-------- C:\ProgramData\Funcom
2008-05-30 18:32 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 18:32 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 12:03 --------- d-----w C:\Users\TubiJubi\AppData\Roaming\foobar2000
2008-06-22 10:27 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-06-21 15:54 --------- d-----w C:\Users\TubiJubi\AppData\Roaming\AVG7
2008-06-21 14:37 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-19 20:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:57 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-19 15:52 --------- d-----w C:\Program Files\RevConnect
2008-06-17 05:06 2,782,720 ----a-w C:\Windows\Internet Logs\xDB7EA1.tmp
2008-06-16 21:09 799,744 ----a-w C:\Windows\Internet Logs\xDB87C5.tmp
2008-06-16 16:43 2,932,224 ----a-w C:\Windows\Internet Logs\xDB88ED.tmp
2008-06-15 21:30 565,248 ----a-w C:\Windows\Internet Logs\xDB8120.tmp
2008-06-15 20:08 2,738,176 ----a-w C:\Windows\Internet Logs\xDB840D.tmp
2008-06-15 19:58 --------- d-----w C:\Users\TubiJubi\AppData\Roaming\mIRC
2008-06-15 15:14 --------- d-----w C:\Program Files\mIRC
2008-06-15 10:47 2,872,832 ----a-w C:\Windows\Internet Logs\xDB926F.tmp
2008-06-14 14:44 --------- d-----w C:\ProgramData\NVIDIA
2008-06-14 13:58 1,977,350 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-06-14 13:53 3,469,312 ----a-w C:\Windows\Internet Logs\xDBAC07.tmp
2008-06-14 08:34 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 08:27 --------- d-----w C:\Program Files\Windows Calendar
2008-06-14 08:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 08:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-13 20:26 --------- d-----w C:\Program Files\Opera
2008-06-11 22:35 2,729,472 ----a-w C:\Windows\Internet Logs\xDBC476.tmp
2008-06-11 00:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-10 10:23 2,265,600 ----a-w C:\Windows\Internet Logs\xDB6CE5.tmp
2008-06-09 19:32 2,935,808 ----a-w C:\Windows\Internet Logs\xDB818D.tmp
2008-06-09 10:27 1,155,584 ----a-w C:\Windows\Internet Logs\xDB84B9.tmp
2008-06-09 08:29 2,681,856 ----a-w C:\Windows\Internet Logs\xDB8BF9.tmp
2008-06-08 15:02 2,767,360 ----a-w C:\Windows\Internet Logs\xDBFAF1.tmp
2008-06-06 19:10 2,724,352 ----a-w C:\Windows\Internet Logs\xDB94FE.tmp
2008-06-05 20:30 2,930,176 ----a-w C:\Windows\Internet Logs\xDB8C95.tmp
2008-06-04 18:42 3,906,048 ----a-w C:\Windows\Internet Logs\xDB9887.tmp
2008-06-01 16:18 --------- d-----w C:\Program Files\SpeedFan
2008-05-30 16:24 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-30 14:27 442,368 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-04-04 14:27 539,676 ----a-w C:\Users\TubiJubi\Shockwave_Installer_Slim.exe
2008-03-30 17:39 2,597,888 ----a-w C:\Windows\Internet Logs\xDB908B.tmp
2008-03-30 17:39 1,412,608 ----a-w C:\Windows\Internet Logs\xDB93A8.tmp
2008-03-30 10:29 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-29 14:35 306,688 ----a-w C:\Windows\System32\avisynth.dll
2008-03-26 13:53 2,816,512 ----a-w C:\Windows\Internet Logs\xDB8F63.tmp
2008-03-26 13:53 1,382,912 ----a-w C:\Windows\Internet Logs\xDB9222.tmp
2008-03-23 12:17 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-23 12:17 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-20 07:08 22,328 ----a-w C:\Users\TubiJubi\AppData\Roaming\PnkBstrK.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 06:26 1694656]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 02:09 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-04-29 20:51 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VFD"="C:\Program Files\ANTEC\VFD\VFD.exe" [2007-04-12 22:55 2048000]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-01 18:28 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 17:53 5296128 C:\Windows\RtHDVCpl.exe]
"XMouseButton"="C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe" [2008-04-10 23:53 360448]
"Windows Messanger Control Center"="winlogon.exe" [2008-01-18 23:33 314880 C:\Windows\System32\winlogon.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-20 20:00 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - C:\Windows\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-03-20 18:11:29 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-20 20:00 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3909905682-621011737-3034207932-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{985C573D-6125-4FAB-B8AE-F57B3864D440}"= UDP:D:\Pelit\Crysis\Bin32\Crysis.exe:Crysis_32
"{4D241654-9BDF-48C6-BD28-8738929D9C7F}"= TCP:D:\Pelit\Crysis\Bin32\Crysis.exe:Crysis_32
"{92D3320B-7E3D-449F-9FCC-10C207691199}"= UDP:D:\Pelit\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5E7AB8C4-B7D8-4809-8A50-B6C3D99074AD}"= TCP:D:\Pelit\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{3D54D13E-09D8-43A9-A5CB-775BB734B73D}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D1008407-685C-4336-AF34-C9E7FBF296CA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{261F9989-7A9B-4027-8470-3017BD4E13EF}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{96AC3FD0-E6AE-429A-AE40-3255920067BA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A1DF1DD3-4EA4-4352-AA87-2755588B793F}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{568EADA8-24DD-4C68-BD2A-253950222532}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2990D32F-092B-46C1-9642-EE3119483351}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8E31914A-C6FA-4BA1-9F0D-F750C57961C9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{92A53DB6-78E7-425E-95F3-5290DABC0CDA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAC8CBC7-EB8D-46F7-8198-31FCFE5D722F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D3DC69C4-BC64-440C-BD60-5DE213180100}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8FDED88C-73FB-43FB-A732-88C4C2EB4362}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{DE77E078-D172-4ECD-9F2B-4D602E0A5704}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exe:DC++
"UDP Query User{DC6EC8F6-D294-4CA2-950E-718A20CEB10E}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exe:DC++
"{AFF2FBFD-6A00-497D-B960-591BD19BB72B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C968175D-6B02-4F8D-93F7-A12A072D282D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{B710AAA0-DB4E-44FC-B7FD-C89C10D4DAA4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{71D55899-78DE-48FE-8EF9-DF08E9067AAA}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{4D94442D-421A-4AFD-9131-21D39442E9DC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{4DAF9E33-4200-4698-AFEB-FD602A8F9375}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{607269D0-B443-4916-AA1F-AAA39395D699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E0A8A8FC-194D-4257-B90F-82359CCD6D11}"= UDP:F:\Media Portal\TvService.exe:MediaPortal TV Server
"{F5DBA908-D39C-4790-9D58-D22ED30AF3AB}"= TCP:F:\Media Portal\TvService.exe:MediaPortal TV Server
"{67DC17BE-80A2-4ACC-B11E-96B639CA75CB}"= UDP:1433:LocalSubnet:LocalSubnet:Microsoft SQL (TCP)
"{2B335C07-9697-4896-B22A-2F938F811F29}"= TCP:1434:LocalSubnet:LocalSubnet:Microsoft SQL (UDP)
"{E1A32676-D912-4C3B-A388-FA8D9669B344}"= UDP:C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe:MediaPortal TV Server
"{36DCEE54-1793-45D1-9280-95FFAFFEE480}"= TCP:C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe:MediaPortal TV Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 22:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 22:52]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-06-20 21:12]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2008-01-30 13:28]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\prevxcsi.exe" /service []
R3 ADM8511;USB To Fast Ethernet/ HomePNA Adapter;C:\Windows\system32\DRIVERS\NETUSB.SYS [2001-10-24 17:43]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-06-27 08:00]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 11:21]
R3 ttBudget2;TechnoTrend BDA/DVB (BDA);C:\Windows\system32\drivers\ttBudget2.sys [2008-03-04 15:02]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S2 TVService;TVService;"F:\Media Portal\TVService.exe" []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 15:09:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 15:10:27
ComboFix-quarantined-files.txt 2008-06-22 12:10:16

Pre-Run: 24,516,784,128 tavua vapaana
Post-Run: 24,389,079,040 tavua vapaana

280 --- E O F --- 2008-06-17 18:26:20

Anti-Malware:
Code:
Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 876

16:09:35 22.6.2008
mbam-log-6-22-2008 (16-09-35).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|F:\|)
Tarkistetut kohteet: 202313
Kulunut aika: 43 minute(s), 42 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Messanger Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\Windows\winlogon.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

Scan with HJT, check this entry and press Fix checked:

O4 - HKLM\..\Run: [Windows Messanger Control Center] winlogon.exe
There's no such entry anymore.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:51, on 22.6.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ANTEC\VFD\VFD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [VFD] C:\Program Files\ANTEC\VFD\VFD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [XMouseButton] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control (32bit Version)\XMouseButtonControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TVService - Unknown owner - F:\Media Portal\TVService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7322 bytes
Yeah, it didn't really have any effect on how the machine runs. I guess these problems are just Vista "features" then. Big thanks anyway, at least the nasties got removed.