HJT log. Could someone take a look

Discussion in 'Viruses and malware - HijackThis logs' started by jansqu, Mar 1, 2009.

  1. jansqu

    jansqu Regular member

    Joined:
    Feb 19, 2006
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    26
    I have this HP prebuilt PC, about a year old. Now it has started to slow down a bit. I wonder whether there are unnecessary programs running or even viruses. I don't understand anything about that log myself, so if someone could take a look at it and give me a tip on how to proceed, I would be grateful.

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:37, on 1.3.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\PC Protection Plus\Common\FSM32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\jusched.exe
    C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fi_fi&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: HP Smart -valitse - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfi-fi.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection Plus\ORSP Client\fsorsp.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 7977 bytes
     
  2. Hujo

    Hujo Guest

    Scan with HJT, tick the following entries and press Fix checked:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    =============

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
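
Three of the five entries listed in the post above end in `(no file)`, the marker HijackThis prints when it cannot find the file an entry points to. The following is an added example, not part of the original thread: it parses the CLSID-based O2/O3/O9 lines of a HijackThis log and lists those orphaned entries. The function and class names are illustrative, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O2 (BHO), O3 (toolbar) and O9 (extra button / menu item) lines share the
# shape "<code> - <kind>: <name> - {CLSID} - <target>", with an optional
# " (HKCU)" suffix on per-user entries. Anchoring on the CLSID keeps names
# that contain hyphens from confusing the split.
COM_ENTRY = re.compile(
    r"^(?P<code>O[239]) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+?)(?: \((?P<hive>HKCU)\))?$"
)


class ComEntry(NamedTuple):
    code: str       # HijackThis section code: O2, O3 or O9
    kind: str       # e.g. "BHO", "Toolbar", "Extra button"
    name: str       # display name, "(no name)" when the registry has none
    clsid: str      # upper-cased CLSID including braces
    target: str     # file path, or "(no file)"
    per_user: bool  # True when the line carries the "(HKCU)" suffix


def parse_line(line: str) -> Optional[ComEntry]:
    """Parse one log line; return None for lines of any other section."""
    m = COM_ENTRY.match(line.strip())
    if m is None:
        return None
    return ComEntry(
        code=m["code"],
        kind=m["kind"],
        name=m["name"],
        clsid=m["clsid"].upper(),
        target=m["target"],
        per_user=m["hive"] is not None,
    )


def orphaned_entries(log_text: str) -> List[ComEntry]:
    """Return O2/O3/O9 entries whose target is "(no file)", one per CLSID."""
    seen = set()
    orphans = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.target.lower() != "(no file)":
            continue
        key = (entry.code, entry.clsid)
        if key in seen:  # O9 can list one CLSID twice (button + menu item)
            continue
        seen.add(key)
        orphans.append(entry)
    return orphans


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.code} {e.kind}: {e.name} {e.clsid} -> {e.target}")
```
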
     
  3. jansqu

    jansqu Regular member

    Here is the Malwarebytes log; it did find a trojan:

    Malwarebytes' Anti-Malware 1.34
    Tietokantaversio: 1813
    Windows 6.0.6001 Service Pack 1

    1.3.2009 16:39:26
    mbam-log-2009-03-01 (16-39-26).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 277332
    Kulunut aika: 1 hour(s), 5 minute(s), 56 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 1

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\Users\Janne&Noora\Local Settings\Temporary Internet Files\pse_300_fin.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    Is there anything else I should do?
     
  4. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    Do not install the Recovery Console

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  5. jansqu

    jansqu Regular member

    This is the log I got from ComboFix:

    ComboFix 09-02-28.01 - Janne&Noora 2009-03-01 19:03:06.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3326.2084 [GMT 2:00]
    Sijainti: c:\users\Janne&Noora\Desktop\Lataukset\ComboFix.exe
    FW: F-Secure PC Protection Plus 7.00 *enabled*
    * Uusi palautuspiste luotu
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\AutoRun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavõlillõ: 2009-02-01 to 2009-03-01 )))))))))))))))))
    .

    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\users\Janne&Noora\AppData\Roaming\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 15:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-01 15:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-03-01 12:45 . 2009-03-01 12:45 <KANSIO> d-------- c:\program files\Trend Micro
    2009-03-01 04:49 . 2009-03-01 04:49 <KANSIO> d-------- c:\users\All Users\HP Product Assistant
    2009-03-01 04:49 . 2009-03-01 04:49 <KANSIO> d-------- c:\programdata\HP Product Assistant
    2009-02-25 23:07 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2009-02-25 23:07 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
    2009-02-25 23:07 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
    2009-02-25 23:07 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
    2009-02-12 01:08 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-12 01:08 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-12 01:08 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-12 01:08 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-12 01:08 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-12 01:08 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-12 01:08 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-12 01:08 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-12 01:00 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-12 01:00 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-12 01:00 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-12 00:59 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-12 00:59 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-12 00:53 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-12 00:53 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-12 00:53 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-12 00:53 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-12 00:53 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 22:01 . 2009-02-18 20:08 <KANSIO> d-------- C:\Kurssi atk
    2009-02-11 08:05 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-11 08:04 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-05 15:38 . 2009-02-05 15:38 682,280 --a------ c:\windows\System32\pbsvc.exe
    2009-02-05 15:38 . 2009-02-05 15:38 22,328 --a------ c:\users\Janne&Noora\AppData\Roaming\PnkBstrK.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 11:11 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
    2009-03-01 11:11 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-03-01 10:40 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\uTorrent
    2009-02-27 17:54 --------- d-----w c:\program files\PC Protection Plus
    2009-02-26 18:01 5,366 ----a-w c:\users\Janne&Noora\AppData\Roaming\wklnhst.dat
    2009-02-25 21:18 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-23 17:01 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\Microgaming
    2009-02-23 16:22 34,304 ----a-w c:\windows\system32\drivers\CO_Mon.sys
    2009-02-22 07:45 --------- d-----w c:\programdata\Nero
    2009-02-22 07:45 --------- d-----w c:\program files\Nero
    2009-02-12 00:01 --------- d-----w c:\program files\Windows Mail
    2009-02-07 00:16 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\dvdcss
    2009-02-05 14:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-05 13:26 --------- d-----w c:\program files\Activision
    2009-01-29 11:15 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-01-29 11:15 15,688 ----a-w c:\windows\System32\lsdelete.exe
    2009-01-29 11:14 --------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-29 11:14 --------- d-----w c:\program files\Lavasoft
    2009-01-29 11:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-23 19:40 --------- d-----w c:\program files\Common Files\PCSuite
    2009-01-23 19:40 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-23 19:38 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-23 19:37 --------- d-----w c:\programdata\Installations
    2009-01-23 19:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-01-23 19:03 --------- d-----w c:\program files\Nokia
    2009-01-22 18:25 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys
    2009-01-18 14:40 --------- d-----w c:\program files\Microsoft Games
    2009-01-16 08:11 --------- d-----w c:\programdata\F-Secure
    2009-01-16 08:08 --------- d-----w c:\programdata\fssg
    2009-01-11 15:49 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\WholeSecurity
    2009-01-11 14:48 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\Juniper Networks
    2008-07-20 07:56 174 --sha-w c:\program files\desktop.ini
    2007-11-09 13:25 57,344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
    2008-03-06 18:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-06 18:39 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-06 18:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-03-20 17:48 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin kõynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiõ arvoja ja laillisia oletusarvoja ei nõytetõ
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "F-Secure Manager"="c:\program files\PC Protection Plus\Common\FSM32.EXE" [2008-12-04 182936]
    "F-Secure TNB"="c:\program files\PC Protection Plus\FSGUI\TNBUtil.exe" [2008-12-04 957024]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-09 509784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3078847A-4376-409A-B465-85A0EFF3C5BC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{3EB1023C-BDD4-4C6B-A8D6-276801707758}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{749E8365-7A7C-451D-8183-59DBA1ABE416}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{395FC915-A4AB-4265-9A18-9167A6C2B9D7}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{9773A0FB-ED29-4179-BA7B-35A65BB75987}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{BBFABC7C-4956-4CAF-B227-223F79E726DA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{3A31D18B-2FC4-4FBE-A0A0-B55FE3312F11}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0FA54D28-C8CD-4460-9408-8ABEEFC6AC69}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{4B42F2DC-0AAC-4AE8-844D-052CB88DC4B1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{6F80AABF-02D8-4A77-BD1C-0AF3E1233C15}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{F55F9932-CF89-4F61-9DB5-E46BAB146D80}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{E1158C52-FC1D-43FB-9AE2-E2459775CE47}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{F28CD235-7D0A-4F5C-910D-67C796F1641B}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{9BD83D9B-60F6-4217-A843-57E98865E0C7}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{034A9CE1-A4AB-4C48-9D61-0421A49AA77F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{9CBF65AF-86CC-4CBA-BC58-B4D22B5F4F30}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{52C29A16-0355-40DD-8510-4D3A6B7318AF}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{6FE3BA37-353A-419E-923C-8EE4AA4B7358}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{C1A285C0-BE60-4E14-89D4-D09C95D07E8F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{97BEF7B9-E4DF-4B71-A7AA-7C2882E310B3}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{4CD09A69-1505-4C83-ADC6-E861335AC66E}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{9463FF70-A774-480C-8235-C1CC4D1B383E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{915AF6B5-E216-4616-900A-92E4D89F58A0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{A983F74F-CD2A-4ACE-AB35-6965E851C40B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{719AD103-3FCB-4EF5-8152-D33A4688AA65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{B690B7FD-B006-42B4-B013-6D57429A51AE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{7B68707C-0B74-4442-ABFC-8E2E59364201}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4155B802-3FED-4C21-B461-41407EC3684E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{3F6064E7-05EF-4D6B-9F78-C493B8D81140}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{09822BC5-3802-4D4E-9BF2-F382C083A8AE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{20587C25-E506-4C0F-B303-AB6DB039A6B9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{FD2E72C5-F736-4F1E-9B6B-E0BB125EB915}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{A89C793D-5FC8-4920-9639-74B24D32CBA5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{6F22C622-3D3B-4BAC-B11E-0D86D3D817B4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{469E32E3-C1B5-4D43-8574-0C183CB34F7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{AEFF5E6F-98C9-4D7B-879C-90490F25C1BD}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{666818E9-DBCA-47AA-8359-6B90D4BF1219}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{ADF5C99B-008B-4EA9-AD38-2F8F0E1C8882}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{8FFABEFC-D9A6-4F85-B801-B6C134DEDF8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{7CD44E0E-BD86-4C66-ABB8-56A4DA32E67F}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{BCC258FB-D6F8-4F0A-BB6F-36BA86F2D75C}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{8CBA6E45-FC45-4285-A654-71359C690482}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{A7B7703D-BBF5-4267-A5A8-3EE60EFBFD3A}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{E8601E99-CC09-4FF2-94CB-ED7FC6B14D75}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{2C6FFBD7-8FF9-4D70-BEAC-38831DD40C87}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{D5F934AB-583F-46FB-AA76-368ACC5CB905}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{8A494684-4D04-47CD-A418-B22482E5B49F}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-01-16 33408]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-29 64160]
    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\PC Protection Plus\HIPS\drivers\fshs.sys [2009-01-16 67808]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-04-29 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-04-29 70944]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\PC Protection Plus\Anti-Virus\minifilter\fsvista.sys [2008-04-29 12384]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\PC Protection Plus\Anti-Virus\minifilter\fsgk.sys [2008-04-29 84616]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\PC Protection Plus\ORSP Client\fsorsp.exe [2009-01-16 55904]
    R3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\System32\drivers\u2kg54l.sys [2008-07-17 863288]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    S3 magpsc;magpsc;c:\windows\System32\drivers\magpsc.sys [2008-05-22 53463]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\PC Protection Plus\Anti-Virus\win2k\fsfilter.sys [2008-04-29 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\PC Protection Plus\Anti-Virus\win2k\fsrec.sys [2008-04-29 25184]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - PnkBstrK
    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35b3e183-eb99-11dc-b539-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a9464a-89a4-11dd-a88f-c0fac0073cf9}]
    \shell\AutoRun\command - L:\CDCheck.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f31f4b53-ec79-11dc-8cef-001e900a12e4}]
    \shell\AutoRun\command - J:\autorun.exe
    \shell\directx\command - j:\directx9\dxsetup.exe
    \shell\setup\command - J:\setup.exe
    .
    'Ajoitetut tehtõvõt'-kansion sisõlt÷

    2009-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-09 13:15]

    2009-03-01 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\PCPROT~1\ANTI-V~1\fsav.exe [2008-12-04 15:57]
    .
    - - - - POISTETUT J-M-RIVIT - - - -

    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


    .
    ------- Tõydentõvõ tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    LSP: c:\program files\PC Protection Plus\FSPS\program\FSLSP.DLL
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\users\Janne&Noora\AppData\Roaming\Mozilla\Firefox\Profiles\ktidsduk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fi-fi&FORM=MICPFI&q=
    1 tiedosto(a) on siirretty.
    FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\users\Janne&Noora\AppData\Roaming\Mozilla\Firefox\Profiles\ktidsduk.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 19:05:33
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(968)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(724)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(592)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(656)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll
    .
    Valmistumisajankohta: 2009-03-01 19:07:58
    ComboFix-quarantined-files.txt 2009-03-01 17:07:54

    Ennen ajoa: 174 715 817 984 tavua vapaana
    Ajon jälkeen: 178,132,828,160 tavua vapaana

    272 --- E O F --- 2009-02-25 21:08:24
     
  6. Hujo

    Hujo Guest

    Now copy the contents of the quote below and paste them into an empty Notepad window
    Start button > Accessories > Notepad

    Save As

    Location: Desktop

    File name: CFScript.txt

    Save as type: All Files

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Post the resulting log here.

    Shut down and restart the computer.
     
  7. jansqu

    jansqu Regular member

    This is what I got now:

    ComboFix 09-02-28.01 - Janne&Noora 2009-03-01 21:49:32.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3326.2382 [GMT 2:00]
    Sijainti: c:\users\Janne&Noora\Desktop\Lataukset\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\Janne&Noora\Desktop\CFScript.txt
    FW: F-Secure PC Protection Plus 7.00 *enabled*
    * Uusi palautuspiste luotu
    * Resident AV is active

    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-01 to 2009-03-01 )))))))))))))))))
    .

    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\users\Janne&Noora\AppData\Roaming\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-03-01 15:31 . 2009-03-01 15:31 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 15:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-01 15:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-03-01 12:45 . 2009-03-01 12:45 <KANSIO> d-------- c:\program files\Trend Micro
    2009-03-01 04:49 . 2009-03-01 04:49 <KANSIO> d-------- c:\users\All Users\HP Product Assistant
    2009-03-01 04:49 . 2009-03-01 04:49 <KANSIO> d-------- c:\programdata\HP Product Assistant
    2009-02-25 23:07 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
    2009-02-25 23:07 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
    2009-02-25 23:07 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
    2009-02-25 23:07 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
    2009-02-12 01:08 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-12 01:08 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-12 01:08 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-12 01:08 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-12 01:08 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-12 01:08 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-12 01:08 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-12 01:08 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-12 01:00 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-12 01:00 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-12 01:00 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-12 00:59 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-12 00:59 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-12 00:53 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-12 00:53 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-12 00:53 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-12 00:53 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-12 00:53 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 22:01 . 2009-02-18 20:08 <KANSIO> d-------- C:\Kurssi atk
    2009-02-11 08:05 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-11 08:04 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-05 15:38 . 2009-02-05 15:38 682,280 --a------ c:\windows\System32\pbsvc.exe
    2009-02-05 15:38 . 2009-02-05 15:38 22,328 --a------ c:\users\Janne&Noora\AppData\Roaming\PnkBstrK.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 19:38 --------- d-----w c:\program files\PC Protection Plus
    2009-03-01 17:17 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-03-01 17:15 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
    2009-03-01 10:40 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\uTorrent
    2009-02-26 18:01 5,366 ----a-w c:\users\Janne&Noora\AppData\Roaming\wklnhst.dat
    2009-02-25 21:18 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-23 17:01 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\Microgaming
    2009-02-23 16:22 34,304 ----a-w c:\windows\system32\drivers\CO_Mon.sys
    2009-02-22 07:45 --------- d-----w c:\programdata\Nero
    2009-02-22 07:45 --------- d-----w c:\program files\Nero
    2009-02-12 00:01 --------- d-----w c:\program files\Windows Mail
    2009-02-07 00:16 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\dvdcss
    2009-02-05 14:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-05 13:26 --------- d-----w c:\program files\Activision
    2009-01-29 11:15 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-01-29 11:15 15,688 ----a-w c:\windows\System32\lsdelete.exe
    2009-01-29 11:14 --------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-29 11:14 --------- d-----w c:\program files\Lavasoft
    2009-01-29 11:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-23 19:40 --------- d-----w c:\program files\Common Files\PCSuite
    2009-01-23 19:40 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-23 19:38 --------- d-----w c:\program files\PC Connectivity Solution
    2009-01-23 19:37 --------- d-----w c:\programdata\Installations
    2009-01-23 19:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-01-23 19:03 --------- d-----w c:\program files\Nokia
    2009-01-22 18:25 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys
    2009-01-18 14:40 --------- d-----w c:\program files\Microsoft Games
    2009-01-16 08:11 --------- d-----w c:\programdata\F-Secure
    2009-01-16 08:08 --------- d-----w c:\programdata\fssg
    2009-01-11 15:49 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\WholeSecurity
    2009-01-11 14:48 --------- d-----w c:\users\Janne&Noora\AppData\Roaming\Juniper Networks
    2008-07-20 07:56 174 --sha-w c:\program files\desktop.ini
    2007-11-09 13:25 57,344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
    2008-03-06 18:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-06 18:39 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-06 18:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-03-20 17:48 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-01_19.06.15,56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-01 02:49:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-01 17:05:46 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-01 17:05:46 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "F-Secure Manager"="c:\program files\PC Protection Plus\Common\FSM32.EXE" [2008-12-04 182936]
    "F-Secure TNB"="c:\program files\PC Protection Plus\FSGUI\TNBUtil.exe" [2008-12-04 957024]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-09 509784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3078847A-4376-409A-B465-85A0EFF3C5BC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{3EB1023C-BDD4-4C6B-A8D6-276801707758}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{749E8365-7A7C-451D-8183-59DBA1ABE416}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{395FC915-A4AB-4265-9A18-9167A6C2B9D7}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{9773A0FB-ED29-4179-BA7B-35A65BB75987}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{BBFABC7C-4956-4CAF-B227-223F79E726DA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{3A31D18B-2FC4-4FBE-A0A0-B55FE3312F11}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0FA54D28-C8CD-4460-9408-8ABEEFC6AC69}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{4B42F2DC-0AAC-4AE8-844D-052CB88DC4B1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{6F80AABF-02D8-4A77-BD1C-0AF3E1233C15}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{F55F9932-CF89-4F61-9DB5-E46BAB146D80}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{E1158C52-FC1D-43FB-9AE2-E2459775CE47}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{F28CD235-7D0A-4F5C-910D-67C796F1641B}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{9BD83D9B-60F6-4217-A843-57E98865E0C7}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{034A9CE1-A4AB-4C48-9D61-0421A49AA77F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{9CBF65AF-86CC-4CBA-BC58-B4D22B5F4F30}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{52C29A16-0355-40DD-8510-4D3A6B7318AF}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{6FE3BA37-353A-419E-923C-8EE4AA4B7358}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{C1A285C0-BE60-4E14-89D4-D09C95D07E8F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{97BEF7B9-E4DF-4B71-A7AA-7C2882E310B3}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{4CD09A69-1505-4C83-ADC6-E861335AC66E}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{9463FF70-A774-480C-8235-C1CC4D1B383E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{915AF6B5-E216-4616-900A-92E4D89F58A0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{A983F74F-CD2A-4ACE-AB35-6965E851C40B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{719AD103-3FCB-4EF5-8152-D33A4688AA65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{B690B7FD-B006-42B4-B013-6D57429A51AE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{7B68707C-0B74-4442-ABFC-8E2E59364201}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4155B802-3FED-4C21-B461-41407EC3684E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{3F6064E7-05EF-4D6B-9F78-C493B8D81140}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{09822BC5-3802-4D4E-9BF2-F382C083A8AE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{20587C25-E506-4C0F-B303-AB6DB039A6B9}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{FD2E72C5-F736-4F1E-9B6B-E0BB125EB915}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{A89C793D-5FC8-4920-9639-74B24D32CBA5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{6F22C622-3D3B-4BAC-B11E-0D86D3D817B4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{469E32E3-C1B5-4D43-8574-0C183CB34F7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{AEFF5E6F-98C9-4D7B-879C-90490F25C1BD}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{666818E9-DBCA-47AA-8359-6B90D4BF1219}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
    "{ADF5C99B-008B-4EA9-AD38-2F8F0E1C8882}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{8FFABEFC-D9A6-4F85-B801-B6C134DEDF8B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{7CD44E0E-BD86-4C66-ABB8-56A4DA32E67F}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{BCC258FB-D6F8-4F0A-BB6F-36BA86F2D75C}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{8CBA6E45-FC45-4285-A654-71359C690482}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{A7B7703D-BBF5-4267-A5A8-3EE60EFBFD3A}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{E8601E99-CC09-4FF2-94CB-ED7FC6B14D75}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{2C6FFBD7-8FF9-4D70-BEAC-38831DD40C87}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{D5F934AB-583F-46FB-AA76-368ACC5CB905}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{8A494684-4D04-47CD-A418-B22482E5B49F}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-01-16 33408]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-29 64160]
    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\PC Protection Plus\HIPS\drivers\fshs.sys [2009-01-16 67808]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-04-29 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-04-29 70944]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\PC Protection Plus\Anti-Virus\minifilter\fsvista.sys [2008-04-29 12384]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\PC Protection Plus\Anti-Virus\minifilter\fsgk.sys [2008-04-29 84616]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\PC Protection Plus\ORSP Client\fsorsp.exe [2009-01-16 55904]
    R3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\System32\drivers\u2kg54l.sys [2008-07-17 863288]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    S3 magpsc;magpsc;c:\windows\System32\drivers\magpsc.sys [2008-05-22 53463]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\PC Protection Plus\Anti-Virus\win2k\fsfilter.sys [2008-04-29 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\PC Protection Plus\Anti-Virus\win2k\fsrec.sys [2008-04-29 25184]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - PnkBstrK
    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35b3e183-eb99-11dc-b539-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a9464a-89a4-11dd-a88f-c0fac0073cf9}]
    \shell\AutoRun\command - L:\CDCheck.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f31f4b53-ec79-11dc-8cef-001e900a12e4}]
    \shell\AutoRun\command - J:\autorun.exe
    \shell\directx\command - j:\directx9\dxsetup.exe
    \shell\setup\command - J:\setup.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-09 13:15]

    2009-03-01 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\PCPROT~1\ANTI-V~1\fsav.exe [2008-12-04 15:57]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    LSP: c:\program files\PC Protection Plus\FSPS\program\FSLSP.DLL
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\users\Janne&Noora\AppData\Roaming\Mozilla\Firefox\Profiles\ktidsduk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fi-fi&FORM=MICPFI&q=
    FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\users\Janne&Noora\AppData\Roaming\Mozilla\Firefox\Profiles\ktidsduk.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 21:52:08
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(968)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(724)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll

    - - - - - - - > 'Explorer.exe'(4824)
    c:\program files\PC Protection Plus\Spam Control\fsscoepl.dll

    - - - - - - - > 'csrss.exe'(592)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll


    - - - - - - - > 'csrss.exe'(656)
    c:\program files\PC Protection Plus\FWES\Program\fsdc32.dll
    .
    Valmistumisajankohta: 2009-03-01 21:54:27
    ComboFix-quarantined-files.txt 2009-03-01 19:54:23
    ComboFix2.txt 2009-03-01 17:08:01

    Ennen ajoa: 175 888 547 840 tavua vapaana
    Ajon jälkeen: 175,856,295,936 tavua vapaana

    266 --- E O F --- 2009-02-25 21:08:24
     
  8. Hujo

    Hujo Guest

    Type this into the Run box:

    ComboFix /u

    Click OK

    =========

     
  9. jansqu

    jansqu Regular member

    Thanks a lot, it at least feels like windows open faster now.
     
  10. Hujo

    Hujo Guest

    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected button again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)
     
  11. jansqu

    jansqu Regular member

    OK, that's done too. Is there anything that can be done about this odd HP Product Assistant? Every time I restart the computer, a window pops up on the screen saying "please wait windows configures hpproduct assistant". Then it loads for a while, and soon it wants to be reinstalled because it can't find some MSI file. It isn't really much of a problem, it's just annoying when it pops up a few times before it goes away!
     
  12. Hujo

    Hujo Guest

    Yeah, those are HP things.

    Is it the computer that's HP, or the printer?



     
  13. jansqu

    jansqu Regular member

    Both the computer and the printer are HP. I do believe it's caused by the printer, though.
     
  14. Hujo

    Hujo Guest

    If it is caused by the printer, uninstall it and then install it again.
     
  15. jansqu

    jansqu Regular member

    OK, thanks!
     
