HJT: computer is sluggish

Discussion in 'Viruses and malware - HijackThis logs' started by Hubbbe, Apr 22, 2008.

  1. Hubbbe

    Hubbbe Member

    Joined:
    Jul 11, 2007
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    16
    Greetings, everyone!
    I'm turning to you before I start reinstalling XP.
    The biggest problem right now, besides the computer being slow, is that the Start menu and the desktop taskbar freeze completely. So I can't shut down the computer except with the Alt+Ctrl+Delete combination, through Task Manager.

    The problem has been present for roughly a month, and I have looked for a solution in many places, but now I've run out of options, and I'm asking for help from those who know best.

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:23:28, on 22.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera 9.5 beta\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DSP24] Dsp24Set.exe /n
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 5188 bytes
     
  2. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of the links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ==========

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start the computer
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some computers you tap F5 instead of F8.

    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
    • Press any key and the computer restarts.
    • Startup takes longer than normal because SDFix is cleaning the computer.
    • When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
    • Then press any key to close the script and load the shortcuts onto the desktop.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  3. Hubbbe

    Hubbbe Member

    Hi, here is ComboFix:

    ComboFix 08-04-20.5 - Omistaja 2008-04-22 22:19:41.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.3073 [GMT 3:00]
    Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-22 to 2008-04-22 )))))))))))))))))
    .

    2008-04-22 21:21 . 2008-04-22 21:21 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-04-22 17:43 . 2008-04-22 17:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Line 6
    2008-04-22 17:43 . 2008-03-22 01:01 521,088 --a------ C:\WINDOWS\system32\drivers\GPWADrv.sys
    2008-04-22 17:43 . 2008-03-22 01:01 167,936 --a------ C:\WINDOWS\system32\L6GPAsio.dll
    2008-04-22 17:43 . 2008-03-22 01:01 29,312 --a------ C:\WINDOWS\system32\drivers\l6dp.sys
    2008-04-22 17:28 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
    2008-04-22 16:18 . 2008-04-22 16:18 <KANSIO> d-------- C:\Program Files\Kerio
    2008-04-22 16:18 . 2002-04-15 12:28 102,912 --------- C:\WINDOWS\system32\drivers\FWDRV.SYS
    2008-04-22 08:30 . 2008-04-22 17:58 374 --a------ C:\WINDOWS\GearBox.ini
    2008-04-22 07:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-22 07:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-04-22 07:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-21 14:10 . 2008-04-21 14:10 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
    2008-04-21 14:07 . 2008-04-22 16:16 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-04-21 14:07 . 2008-04-21 14:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-21 14:07 . 2008-04-21 14:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-21 13:08 . 2008-04-21 13:08 131 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2008-04-21 12:59 . 2008-04-21 12:59 <KANSIO> d-------- C:\Program Files\Sunbelt Software
    2008-04-21 08:09 . 2008-04-21 08:09 <KANSIO> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-04-21 08:09 . 2008-04-21 08:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\TuneUp Software
    2008-04-21 08:09 . 2008-04-21 08:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-04-21 08:09 . 2008-04-21 08:09 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-04-21 08:09 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-04-21 08:08 . 2008-04-21 08:08 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-20 08:13 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-20 08:12 . 2008-04-20 08:12 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2008-04-20 08:11 . 2008-04-20 08:11 <KANSIO> d-------- C:\Program Files\MSBuild
    2008-04-20 08:10 . 2008-04-20 08:30 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-20 08:09 . 2008-04-20 08:09 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2008-04-20 08:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-04-20 08:07 . 2008-04-20 08:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2008-04-20 08:07 . 2008-04-20 08:28 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-20 08:02 . 2008-04-20 08:02 <KANSIO> d--hs---- C:\Documents and Settings\Omistaja\UserData
    2008-04-19 11:16 . 2008-04-21 07:45 <KANSIO> d-------- C:\Program Files\Opera 9.5 beta
    2008-04-14 10:23 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-04-14 10:20 . 2008-04-14 10:20 <KANSIO> d-------- C:\Program Files\TVersity
    2008-04-12 07:34 . 2004-09-14 17:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-08 18:49 . 2008-04-08 19:31 43 ---hs---- C:\Documents and Settings\All Users\Application Data\.zreglib
    2008-04-06 14:43 . 2008-04-06 14:43 <KANSIO> d-------- C:\Program Files\Outsim
    2008-04-06 14:43 . 2008-04-06 14:43 <KANSIO> d-------- C:\Program Files\ASIO4ALL v2
    2008-04-06 13:42 . 2008-04-06 14:43 <KANSIO> d-------- C:\Program Files\Image-Line
    2008-04-06 13:42 . 2002-07-08 01:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-04-03 08:24 . 2008-04-20 08:37 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-03 08:24 . 2008-04-03 08:24 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-03 08:24 . 2008-04-20 08:37 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-03 00:16 . 2008-04-03 00:16 700,416 --a------ C:\WINDOWS\system32\L6DriverControlPanel.cpl
    2008-04-02 22:20 . 2008-04-04 19:40 <KANSIO> d-------- C:\Program Files\Terragen
    2008-04-02 20:27 . 2008-04-02 20:27 <KANSIO> d-------- C:\Program Files\America's Army Server Manager
    2008-04-02 20:25 . 2008-04-02 20:43 <KANSIO> d-------- C:\Program Files\America's Army
    2008-03-31 12:47 . 2008-03-31 12:47 <KANSIO> d-------- C:\Program Files\OpenAL
    2008-03-31 12:47 . 2008-03-31 12:47 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-03-31 12:47 . 2008-03-31 12:47 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-03-31 12:42 . 2008-03-31 12:42 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Stop_Motion_Pro_Projects
    2008-03-31 08:39 . 2008-03-31 08:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Talkback
    2008-03-26 17:09 . 2007-01-04 11:41 255,488 -ra------ C:\WINDOWS\system32\drivers\netr73.sys
    2008-03-26 14:30 . 2008-03-26 14:30 <KANSIO> d-------- C:\Program Files\SmartFTP Client
    2008-03-26 14:29 . 2008-03-26 14:29 <KANSIO> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-03-24 19:36 . 2008-04-02 22:25 <KANSIO> d-------- C:\Program Files\GPU
    2008-03-24 18:27 . 2008-03-24 18:27 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\uk.co.planetside

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-22 18:11 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\.purple
    2008-04-22 15:02 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Line 6
    2008-04-22 14:58 --------- d-----w C:\Program Files\Line6
    2008-04-22 14:35 --------- d-----w C:\Program Files\Sonoma Wire Works
    2008-04-22 14:28 --------- d-----w C:\Program Files\Realtek
    2008-04-22 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-21 10:09 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\AVG7
    2008-04-21 05:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
    2008-04-20 16:43 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\gtk-2.0
    2008-04-19 06:28 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-14 07:23 --------- d-----w C:\Program Files\ffdshow
    2008-04-02 17:05 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-15 14:50 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PC Suite
    2008-03-13 08:45 --------- d-----w C:\Program Files\Common Files\Bcgsoft
    2008-03-13 08:38 168,462 ----a-w C:\WINDOWS\OG WWII Content Pack #1 for FPSC Uninstaller.exe
    2008-03-12 15:22 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
    2008-03-11 17:17 --------- d-----w C:\Program Files\Wisdom-soft ScreenHunter 5 Pro
    2008-03-10 06:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Nokia Multimedia Player
    2008-03-10 06:40 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Nokia
    2008-03-10 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-03-10 06:39 --------- d-----w C:\Program Files\DIFX
    2008-03-10 06:38 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-03-10 06:38 --------- d-----w C:\Program Files\Nokia
    2008-03-10 06:38 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-03-10 06:38 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-03-10 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-03-04 17:13 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-03-02 15:48 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Ahead
    2008-03-02 15:44 --------- d-----w C:\Program Files\Nero
    2008-03-02 15:44 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-03-02 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-03-02 14:59 --------- d-----w C:\Program Files\Common Files\Nero
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-29 14:40 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Apple Computer
    2008-02-28 16:52 --------- d-----w C:\Program Files\coolpro2
    2008-02-26 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-02-22 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-22 10:08 --------- d-----w C:\Program Files\Bonjour
    2008-02-22 10:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-02-22 08:10 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Avid
    2008-02-22 08:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avid
    2008-02-22 08:02 --------- d-----w C:\Program Files\SafeNet Sentinel
    2008-02-22 08:02 --------- d-----w C:\Program Files\Common Files\SafeNet Sentinel
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-13 11:31 16,857,600 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-02-09 07:01 52,736 ----a-w C:\WINDOWS\ipuninst.exe
    2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2002-09-16 15:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2008-02-08 17:00 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-02-08 17:00 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 08:02 579584]
    "DSP24"="Dsp24Set.exe" [2004-10-21 15:59 2588672 C:\WINDOWS\system32\Dsp24Set.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 14:31 16857600 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 17:12 15360]
    "OfficeWord Monitors"="C:\WINDOWS\System32\Offlce.exe" [ ]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-28 20:04 219136]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "msacm.avis"= ff_acm.acm
    "vidc.yv12"= yv12vfw.dll
    "Midi1"= ma_cmidn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Omistaja^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
    -r------- 2007-05-25 09:07 1953792 C:\WINDOWS\System32\xRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2007-12-22 10:23 221568 D:\OHJELMAT\Alcohol120%\Alcohol 120\axcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    -r------- 2007-03-20 09:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 02:41 81920 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeWord Monitors]
    C:\WINDOWS\system32\Offlce.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    --a------ 2007-12-10 11:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2008-02-13 14:31 16857600 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --a------ 2008-01-04 18:21 2089808 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "aawservice"=2 (0x2)
    "vsmon"=2 (0x2)
    "Macromedia Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\America's Army\\System\\AALoader.exe"=
    "C:\\Program Files\\America's Army\\System\\AAEditor.exe"=
    "C:\\Program Files\\America's Army Server Manager\\AA Server Manager.exe"=
    "C:\\Program Files\\America's Army Server Manager\\AA Server Remote Control.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "D:\\OHJELMAT\\ASIO\\Dxfdsetup.exe"=
    "D:\\OHJELMAT\\ASIO\\Wpsetup.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgw.exe"=
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
    "C:\\Program Files\\Line6\\GuitarPort\\GuitarPort.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26913:TCP"= 26913:TCP:*:Disabled:BitComet 26913 TCP
    "26913:UDP"= 26913:UDP:*:Disabled:BitComet 26913 UDP

    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-14 17:12]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
    R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\WINDOWS\system32\Drivers\GPWADrv.sys [2008-03-22 01:01]
    R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2008-03-22 01:01]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\WINDOWS\system32\DRIVERS\deltaII.sys []
    S3 DSP24_MK;Service for DSP24/MKII Driver (EWDM);C:\WINDOWS\system32\drivers\d24.sys [2004-10-21 15:59]
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-20 12:48]
    S3 ICM2_01;%DSP24_AU.SvcDesc%;C:\WINDOWS\system32\drivers\D24Wdm.sys [2004-10-21 15:59]
    S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
    S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 11:41]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-21 08:09]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-04-22 19:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 22:21:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-22 22:22:07
    ComboFix-quarantined-files.txt 2008-04-22 19:21:52

    Pre-Run: 37,273,321,472 tavua vapaana
    Post-Run: 37,335,076,864 tavua vapaana

    256 --- E O F --- 2008-04-20 09:32:13
     
  4. Hujo

    Hujo Guest

    Then SDFix
     
  5. Hubbbe

    Hubbbe Member

    Good morning!

    Here is SDFix:


    SDFix: Version 1.173
    Run by Omistaja on ke 23.04.2008 at 06:56

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\Omistaja\TYPYT~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\TFTP1028 - Deleted
    C:\WINDOWS\system32\TFTP1192 - Deleted
    C:\WINDOWS\system32\TFTP124 - Deleted
    C:\WINDOWS\system32\i - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 06:59:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\OHJELMAT\Alcohol120%\Alcohol 120\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:bb,4c,fe,d0,11,7b,8d,fc,34,7d,aa,16,e7,22,fc,f0,85,e6,86,a5,a2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,de,ed,8f,8f,d7,7f,91,b1,0a,2f,37,9f,9e,6d,47,03,10,..
    "khjeh"=hex:b3,a3,4e,d0,68,ab,03,b1,53,01,b0,67,d9,8e,ed,6a,86,39,e3,c9,59,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:98,5c,6e,0b,24,f9,cb,21,ae,ae,c6,90,94,b3,fa,ee,c3,30,90,1f,87,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\OHJELMAT\Alcohol120%\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:bb,4c,fe,d0,11,7b,8d,fc,34,7d,aa,16,e7,22,fc,f0,85,e6,86,a5,a2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,de,ed,8f,8f,d7,7f,91,b1,0a,2f,37,9f,9e,6d,47,03,10,..
    "khjeh"=hex:b3,a3,4e,d0,68,ab,03,b1,53,01,b0,67,d9,8e,ed,6a,86,39,e3,c9,59,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:98,5c,6e,0b,24,f9,cb,21,ae,ae,c6,90,94,b3,fa,ee,c3,30,90,1f,87,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
    "C:\\Program Files\\America's Army\\System\\AALoader.exe"="C:\\Program Files\\America's Army\\System\\AALoader.exe:*:Enabled:America's Army"
    "C:\\Program Files\\America's Army\\System\\AAEditor.exe"="C:\\Program Files\\America's Army\\System\\AAEditor.exe:*:Enabled:America's Army Mission Editor"
    "C:\\Program Files\\America's Army Server Manager\\AA Server Manager.exe"="C:\\Program Files\\America's Army Server Manager\\AA Server Manager.exe:*:Enabled:America's Army Server Manager"
    "C:\\Program Files\\America's Army Server Manager\\AA Server Remote Control.exe"="C:\\Program Files\\America's Army Server Manager\\AA Server Remote Control.exe:*:Enabled:America's Army Server Remote Control Utility"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:AVG Control Center"
    "D:\\OHJELMAT\\ASIO\\Dxfdsetup.exe"="D:\\OHJELMAT\\ASIO\\Dxfdsetup.exe:*:Enabled:ASIO DirectX Full Duplex Setup"
    "D:\\OHJELMAT\\ASIO\\Wpsetup.exe"="D:\\OHJELMAT\\ASIO\\Wpsetup.exe:*:Enabled:ASIO Multimedia Setup"
    "C:\\Program Files\\Grisoft\\AVG7\\avgw.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgw.exe:*:Enabled:AVG Test Center"
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"="C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe:*:Enabled:Adobe Bridge"
    "C:\\Program Files\\Line6\\GuitarPort\\GuitarPort.exe"="C:\\Program Files\\Line6\\GuitarPort\\GuitarPort.exe:*:Enabled:GuitarPort"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
    Sat 6 Oct 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Fri 27 Oct 2006 16,384 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
    Sun 20 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"

    Finished!

     
  6. Hubbbe

    It looks like the sluggishness has gone away??!!
     
  7. Hubbbe

    A thousand thanks for the help! The machine runs like clockwork again! =)
     
  8. Hujo

    Hujo Guest

    Run this one as well.

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK and then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  9. Hubbbe

    OK, the Malwarebytes scan has now been run:

    Malwarebytes' Anti-Malware 1.11
    Tietokantaversio: 673

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 149691
    Kulunut aika: 49 minute(s), 57 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)


    Hmm, I disabled the motherboard's integrated sound card, and after rebooting the Start menu was, and still is, stuck again..
     
  10. Hujo

    Hujo Guest

    ok...
     
  11. MarsWin

    MarsWin Regular member

    Joined:
    Apr 24, 2008
    Messages:
    651
    Likes Received:
    0
    Trophy Points:
    26
    Here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:01:17, on 24.4.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\CNAC4RPK.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
    O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: SSMeteo.LNK = C:\Program Files\StephenSoftware\SSMeteo\SSMeteo.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 9852 bytes
     
  12. Hubbbe

    Hmm, I found out what was making my machine sluggish: it was AVG.
    AVG starting automatically with Windows froze the whole machine. Using the TuneUp 2008 software, I went through all the programs that start with Windows.

    The other problem, which I haven't been able to pin down yet, is the Windows "Found New Hardware Wizard".
    It always launches when the machine starts; "ISSCEDRBTA" wants to install itself.
    It is apparently some Bluetooth device, which I don't have in my machine.
    Once a solution to this is found as well, I'll be a happy boy! =)
     
  13. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    Ask Toolbar

    In Safe Mode, delete the folder:

    C:\Program Files\AskSBar

    ===============

    Scan with HJT, check the following entries, and press Fix checked:

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
     
  14. Hubbbe

    I didn't find anything related to the Ask Toolbar, nor these:
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    Here is the latest HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:52, on 30.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera 9.5 beta\opera.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 4507 bytes
     
  15. Hujo

    Hujo Guest

    MarsWin
    Oh right, so that was someone else's log in the thread.

    ==========

    How is the machine running?
     
  16. Hubbbe

    Well, look at that, I didn't notice that log from Voitajamarssi =)
    Otherwise it works well; I got rid of all the error messages by following your instructions, but at every startup "ISSCEDRBTA" wants to install itself. It's a bit annoying, since I can't pin down the fault. I have removed it about 10 times from Device Manager, but it just won't stay away =(
     
    Last edited: Apr 30, 2008
  17. Hujo

    Hujo Guest

    It looks like it's over there:

    C:\Documents and Settings\All Users\Application Data\Bluetooth
     
  18. Hubbbe

    Excellent, how blind I was! I guess I had surrendered to the machine's mercy too much.
    Thanks once again, Hujo! You really are quite a character! =)
     
  19. MarsWin

    Thanks for asking, pretty well! But if startup and shutdown could be made just a little faster, it would be perfect! When I start the machine, after the Microsoft Corporation screen appears and goes away, the display is black for a moment, then the Vista logo and the Welcome screen come up, and after that it starts quickly. Is it normal for the display to be black for a moment before the Vista Welcome screen? Shutdown is also a bit slower than it was when the machine was new.
    P.S. Does TuneUp Utilities 2008 speed up the computer?
     
    Last edited: May 1, 2008
