Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:34:45, on 5.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ohjelmat\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe
C:\ohjelmat\SlySoft\AnyDVD\AnyDVDtray.exe
C:\ohjelmat\Fraps\fraps.exe
C:\ohjelmat\NetMeter\NetMeter.exe
C:\Windows\ehome\ehtray.exe
C:\ohjelmat\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\ohjelmat\Everest Ultimate\everest.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\ohjelmat\The All-Seeing Eye\eye.exe
C:\Windows\system32\conime.exe
C:\ohjelmat\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ohjelmat\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Persojet\Desktop\Selain\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\ohjelmat\FreshDevices\FreshDownload\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\ohjelmat\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\ohjelmat\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\ohjelmat\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKCU\..\Run: [AnyDVD] C:\ohjelmat\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Fraps] C:\OHJELMAT\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\ohjelmat\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [C:\ohjelmat\NetMeter\NetMeter.exe] C:\ohjelmat\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\ohjelmat\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\ohjelmat\Everest Ultimate\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FreshDownload - {50462A2A-9E5D-4BDA-AAF8-EC0B32036768} - C:\ohjelmat\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\ohjelmat\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\ohjelmat\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8869 bytes

And, um, if anyone knows how to get that wmplayer to stop starting every time the computer is started, could you tell me (it isn't in the startup list or in the Startup folder).
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Now it decreased about 10% at idle, which as far as I understand is completely normal on Vista? But take another look in case you see anything suspicious that could cause problems in the future.

ComboFix 08-03-05.3 - Persojet 2008-03-06 15:53:36.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1243 [GMT 2:00]
Running from: C:\Users\Persojet\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-05 20:30 . 2008-03-05 20:31 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\Media Player Classic
2008-03-05 19:49 . 2008-03-05 19:51 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\BSplayer PRO
2008-03-05 19:00 . 2008-03-05 19:00 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\Grisoft
2008-03-05 19:00 . 2008-03-05 19:00 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-05 19:00 . 2008-03-05 19:00 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-05 19:00 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-03 18:36 . 2008-03-03 18:36 <DIR> dr-h----- C:\Users\Persojet\AppData\Roaming\SecuROM
2008-03-02 13:18 . 2008-03-02 13:18 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-03-02 13:18 . 2008-03-02 13:18 <DIR> d-------- C:\ProgramData\Ubisoft
2008-03-01 22:17 . 2008-01-08 22:00 799,424 -ra------ C:\Windows\System32\tmp3CB4.tmp
2008-03-01 22:17 . 2008-01-08 22:00 799,424 -ra------ C:\Windows\System32\tmp3679.tmp
2008-03-01 22:16 . 2008-03-04 17:00 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\mIRC
2008-03-01 20:05 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-03-01 20:05 . 2004-06-22 15:44 5,632 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-03-01 20:05 . 2001-11-19 19:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-02-27 20:01 . 2008-02-27 20:00 691,545 --a------ C:\Windows\unins000.exe
2008-02-27 20:01 . 2008-02-27 20:01 2,546 --a------ C:\Windows\unins000.dat
2008-02-26 17:49 . 2008-02-26 17:49 0 --a------ C:\Windows\Irremote.ini
2008-02-24 18:55 . 2008-02-24 18:55 <DIR> d-------- C:\Windows\Applian FLV Player
2008-02-24 16:32 . 2008-02-24 18:56 <DIR> d-------- C:\Program Files\OpenAL
2008-02-24 16:32 . 2006-12-14 20:47 782,336 -ra------ C:\Windows\System32\tmp197C.tmp
2008-02-24 16:32 . 2008-03-01 22:17 418,480 --a------ C:\Windows\System32\wrap_oal.dll
2008-02-24 16:32 . 2008-03-01 22:17 115,432 --a------ C:\Windows\System32\OpenAL32.dll
2008-02-23 21:17 . 2008-02-23 21:17 <DIR> d-------- C:\Program Files\DivX
2008-02-23 21:17 . 2008-02-23 21:17 679 --a------ C:\Windows\mozver.dat
2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-02-20 15:50 . 2008-02-20 15:50 <DIR> d-------- C:\Program Files\Nero
2008-02-20 15:50 . 2008-02-26 17:51 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-19 22:41 . 2008-02-19 22:41 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\DAEMON Tools Pro
2008-02-19 22:41 . 2008-02-19 22:41 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro
2008-02-19 22:41 . 2008-02-19 22:41 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro
2008-02-19 20:33 . 2008-03-04 22:10 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\LimeWire
2008-02-19 04:13 . 2008-02-19 04:13 315,392 --a------ C:\Windows\HideWin.exe
2008-02-19 04:05 . 2008-02-19 04:05 <DIR> d-------- C:\Users\Persojet\{ad3d36e2-5184-49c2-b24d-94ec1b3772e0}
2008-02-19 04:04 . 2008-02-19 04:04 <DIR> d-------- C:\Program Files\Realtek AC97
2008-02-19 04:04 . 2006-07-31 11:19 315,392 --a------ C:\Windows\alcupd.exe
2008-02-19 04:04 . 2006-07-31 11:27 217,088 --a------ C:\Windows\alcrmv.exe
2008-02-19 00:11 . 2008-02-19 00:11 278,728 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-02-19 00:11 . 2008-02-19 00:11 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-02-18 16:15 . 2008-02-18 16:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-18 16:15 . 2008-02-18 16:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-18 16:13 . 2008-02-18 16:13 613,888 --a------ C:\Windows\System32\wpd_ci.dll
2008-02-18 16:13 . 2008-02-18 16:13 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-02-18 16:13 . 2008-02-18 16:13 260,096 --a------ C:\Windows\System32\dpx.dll
2008-02-18 16:13 . 2008-02-18 16:13 224,824 --a------ C:\Windows\System32\clfs.sys
2008-02-18 16:13 . 2008-02-18 16:13 221,696 --a------ C:\Windows\System32\umpnpmgr.dll
2008-02-18 16:13 . 2008-02-18 16:13 101,888 --a------ C:\Windows\System32\drvinst.exe
2008-02-18 16:13 . 2008-02-18 16:13 19,456 --a------ C:\Windows\System32\cfgmgr32.dll
2008-02-18 16:13 . 2008-02-18 16:13 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-02-18 16:08 . 2008-02-18 16:08 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-18 16:08 . 2008-02-18 16:08 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-18 16:08 . 2008-02-18 16:08 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-18 16:08 . 2008-02-18 16:08 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-18 16:08 . 2008-02-18 16:08 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-18 16:08 . 2008-02-18 16:08 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-18 16:08 . 2008-02-18 16:08 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-18 16:07 . 2008-02-18 16:07 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-18 16:07 . 2008-02-18 16:07 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-18 16:07 . 2008-02-18 16:07 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-18 16:07 . 2008-02-18 16:07 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-18 16:07 . 2008-02-18 16:07 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-18 16:07 . 2008-02-18 16:07 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-18 16:07 . 2008-02-18 16:07 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-18 16:03 . 2008-02-18 16:03 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 23:57 . 2008-02-16 23:57 <DIR> d-------- C:\Windows\System32\AGEIA
2008-02-16 23:57 . 2008-03-04 16:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 23:57 . 2008-02-16 23:57 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-15 16:04 . 2008-10-02 20:30 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-02-12 16:02 . 2008-02-12 16:02 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-02-12 16:02 . 2008-02-12 16:02 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-02-12 16:02 . 2008-02-12 16:02 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-02-12 16:02 . 2008-02-12 16:02 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-02-12 16:02 . 2008-02-12 16:02 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-02-11 20:44 . 2008-02-26 22:04 <DIR> d-------- C:\Program Files\ffdshow
2008-02-11 20:44 . 2007-12-24 13:49 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-02-11 20:44 . 2007-12-07 18:28 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-02-11 20:44 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-02-11 20:20 . 2008-02-11 20:20 <DIR> d-------- C:\Program Files\Webteh
2008-02-11 17:37 . 2008-02-11 17:39 <DIR> d-------- C:\Users\Persojet\AppData\Roaming\FLV Extract
2008-02-06 21:07 . 2008-02-26 19:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-06 21:07 . 2008-02-06 21:07 1,409 --a------ C:\Windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 13:10 --------- d---a-w C:\ProgramData\TEMP
2008-03-05 22:13 --------- d-----w C:\Users\Persojet\AppData\Roaming\uTorrent
2008-03-05 16:05 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-05 15:23 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-05 14:23 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-04 20:11 --------- d-----w C:\Users\Persojet\AppData\Roaming\dvdcss
2008-03-01 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 17:21 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-27 14:26 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-02-27 13:55 --------- d-----w C:\Program Files\Microsoft Games
2008-02-27 13:00 --------- d-----w C:\ProgramData\NVIDIA
2008-02-26 17:04 --------- d-----w C:\ProgramData\WLInstaller
2008-02-26 15:51 --------- d-----w C:\ProgramData\Nero
2008-02-20 01:12 --------- d-----w C:\ProgramData\Symantec
2008-02-20 01:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:11 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-18 14:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-18 14:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-18 14:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-18 14:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 14:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-18 14:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-18 14:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-18 14:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-02-05 16:57 5,632 ----a-w C:\Windows\System32\BReWErS.dll
2008-02-05 14:16 --------- d-----w C:\Users\Persojet\AppData\Roaming\NetMeter
2008-02-03 17:11 22,328 ----a-w C:\Users\Persojet\AppData\Roaming\PnkBstrK.sys
2008-02-03 15:48 --------- d-----w C:\ProgramData\Steam
2008-02-03 15:48 --------- d-----w C:\ProgramData\PopCap Games
2008-02-01 15:40 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-31 18:56 --------- d-----w C:\Users\Persojet\AppData\Roaming\Microsoft Games
2008-01-31 18:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 12:26 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-31 12:25 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-01-31 11:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-31 11:33 --------- d-----w C:\Users\Persojet\AppData\Roaming\FreeStone Group
2008-01-31 11:33 --------- d-----w C:\Program Files\Video Card Stability Test
2008-01-30 20:36 --------- d-----w C:\Users\Persojet\AppData\Roaming\InstallShield Installation Information
2008-01-30 17:44 --------- d-----w C:\Users\Persojet\AppData\Roaming\Nero
2008-01-30 14:51 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-01-29 03:20 2,177,576 ----a-w C:\Windows\TBPanel.exe
2008-01-28 18:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-28 18:11 --------- d-----w C:\Users\Persojet\AppData\Roaming\Softplicity
2008-01-28 18:01 --------- d-----w C:\Users\Persojet\AppData\Roaming\Azureus
2008-01-27 18:59 --------- d-----w C:\Users\Persojet\AppData\Roaming\Microsoft Game Studios
2008-01-27 16:53 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-27 11:22 --------- d-----w C:\Users\Persojet\AppData\Roaming\Apple Computer
2008-01-27 11:02 --------- d-----w C:\Program Files\Java
2008-01-27 11:01 --------- d-----w C:\Program Files\Common Files\Java
2008-01-27 02:27 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Mail
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Journal
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Defender
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-01-27 02:23 --------- d-----w C:\Program Files\Windows Calendar
2008-01-27 00:58 --------- d-----w C:\ProgramData\Apple Computer
2008-01-27 00:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 00:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-27 00:29 --------- d-----w C:\Program Files\Windows Live
2008-01-27 00:16 --------- d-----w C:\Users\Persojet\AppData\Roaming\vlc
2008-01-26 23:58 --------- d-----w C:\Users\Persojet\AppData\Roaming\DAEMON Tools
2008-01-26 23:57 --------- d-----w C:\ProgramData\SlySoft
2008-01-26 23:54 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-26 23:43 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-26 23:43 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-26 23:43 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-26 23:43 --------- d-----w C:\Program Files\Symantec
2008-01-26 23:23 --------- d-----w C:\ProgramData\LogiShrd
2008-01-26 23:22 --------- d-----w C:\Users\Persojet\AppData\Roaming\Logitech
2008-01-26 23:19 174 --sha-w C:\Program Files\desktop.ini
2008-01-26 23:08 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-26 23:08 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-26 23:08 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-26 23:07 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-26 23:07 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-26 23:07 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-26 23:07 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-26 23:07 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-26 23:07 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-26 23:07 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-26 23:07 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-26 23:07 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-26 23:07 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-26 23:07 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-26 23:05 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-26 23:05 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-26 23:02 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-26 23:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-26 23:01 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-26 23:01 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-26 23:01 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-26 23:01 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-26 23:01 --------- d-----w C:\Users\Persojet\AppData\Roaming\InstallShield
2008-01-26 23:01 --------- d-----w C:\ProgramData\Logitech
2008-01-26 23:01 --------- d-----w C:\Program Files\Logitech
2008-01-26 23:01 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-01-26 23:00 86,016 ----a-w C:\Windows\System32\icfupgd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\ohjelmat\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-06 12:06 1682368]
"Fraps"="C:\OHJELMAT\FRAPS\FRAPS.EXE" [2006-10-26 11:44 2838528]
"AlcoholAutomount"="C:\ohjelmat\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"C:\ohjelmat\NetMeter\NetMeter.exe"="C:\ohjelmat\NetMeter\NetMeter.exe" [2007-08-11 15:50 331264]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"DAEMON Tools Pro Agent"="C:\ohjelmat\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-27 01:04 1006264]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 08:59 115816]
"UnlockerAssistant"="C:\ohjelmat\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"RivaTunerStartupDaemon"="C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"Adobe Reader Speed Launcher"="C:\ohjelmat\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RivaTuner"="C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-27 01:10:11 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B8237245-1C08-40AF-8356-A566574AEF1E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{C8C3C5D8-8686-4E76-B935-3134EA57646E}"= UDP:E:\Pelit\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B8F22B6A-52AA-4306-99F8-5B4A45537086}"= TCP:E:\Pelit\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6F739651-719B-484E-BC2F-75F0D801A18A}"= UDP:E:\Pelit\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7F0BC3F9-2F7A-4FF8-A4E5-7E577030D7E9}"= TCP:E:\Pelit\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{2854EC39-030F-4841-8123-FDB33C4AB0F2}C:\ohjelmat\azureus\azureus.exe"= UDP:C:\ohjelmat\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{52D444AB-52EB-489F-B23B-22497C30228E}C:\ohjelmat\azureus\azureus.exe"= TCP:C:\ohjelmat\azureus\azureus.exe:Azureus|Desc=Azureus
"{CA2BED9C-4277-4F9A-B805-C2FFA4E8CAA2}"= UDP:C:\ohjelmat\µTorrent\utorrent.exe:µTorrent
"{262F6284-2EA0-4850-92F3-99A33E83B689}"= TCP:C:\ohjelmat\µTorrent\utorrent.exe:µTorrent
"{7580892F-46BA-43EE-ABF8-A5B72B10FCBD}"= UDP:E:\Pelit\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{C31381B0-BFA7-4878-B5EC-D99C10CB5B21}"= TCP:E:\Pelit\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{CD95FABC-5F6F-4502-8037-CE248FCFEDD3}C:\ohjelmat\videolan\vlc\vlc.exe"= UDP:C:\ohjelmat\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"UDP Query User{538F9562-3BEE-4A68-A522-50D1DDF41C01}C:\ohjelmat\videolan\vlc\vlc.exe"= TCP:C:\ohjelmat\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"{42C3A2E2-C41A-4521-A422-68EE0182EE12}"= UDP:C:\ohjelmat\µTorrent\utorrent.exe:µTorrent
"{375F7534-4FE2-4D4A-BE6C-57AAB71ACC07}"= TCP:C:\ohjelmat\µTorrent\utorrent.exe:µTorrent
"{35B1C5D2-F41E-417D-9EAE-BC56EAA91FDF}"= UDP:E:\demot\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{842E6437-6AC0-487B-8293-06C057656016}"= TCP:E:\demot\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{ACBF5659-21EF-49BD-9A11-652D89D44AA1}E:\pelit\steam\steamapps\91samppa91\counter-strike source\hl2.exe"= UDP:E:\pelit\steam\steamapps\91samppa91\counter-strike source\hl2.exe:hl2|Desc=hl2
"UDP Query User{77D67326-0C11-4F5D-9E06-1FCCEBD2F066}E:\pelit\steam\steamapps\91samppa91\counter-strike source\hl2.exe"= TCP:E:\pelit\steam\steamapps\91samppa91\counter-strike source\hl2.exe:hl2|Desc=hl2
"TCP Query User{C1DF1594-A213-4A9A-849A-818F9BAD3CCC}E:\pelit\steam\steamapps\91samppa91\source dedicated server\srcds.exe"= UDP:E:\pelit\steam\steamapps\91samppa91\source dedicated server\srcds.exe:srcds|Desc=srcds
"UDP Query User{24AAE8BE-05D6-4349-A92B-7E6C399029AB}E:\pelit\steam\steamapps\91samppa91\source dedicated server\srcds.exe"= TCP:E:\pelit\steam\steamapps\91samppa91\source dedicated server\srcds.exe:srcds|Desc=srcds
"{2E56FA59-2C53-4DA7-B2A8-9878050A4D03}"= UDP:E:\Pelit\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{26B5E306-7891-4134-B4A4-4E8FC1118D6A}"= TCP:E:\Pelit\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{97C9CAD7-2893-46FD-8583-99B7ACD49C3E}"= UDP:E:\Pelit\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{A66F9324-BF55-4FAE-8556-19B85806BD55}"= TCP:E:\Pelit\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{C7BA993F-F7F6-4FCB-8875-CA80956939DA}"= UDP:E:\Pelit\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{375CC643-6664-494D-B0D1-CED953FA3361}"= TCP:E:\Pelit\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{03933AF6-4EE5-4958-81CD-C9CB1B646FD9}"= UDP:E:\Pelit\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{137A45A2-9563-4060-A055-8D2244FF2215}"= TCP:E:\Pelit\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{2000650B-7546-4896-9DDD-8EAEF4F06598}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{98541AEE-29EB-4DF4-9846-772431A2C538}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BD608C05-4C68-413F-A504-DFDACF4BE0D4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{19B60FBD-4142-4C6D-8EAF-EDF38F3E9E99}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9EBD8B03-1E2C-49FC-B8AD-8D7B56DADB86}"= UDP:E:\Pelit\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B55A9797-40A6-4A48-B6EB-34E1B365861D}"= TCP:E:\Pelit\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ECC72B65-BF05-4597-9A9B-F81DEB5C420A}C:\ohjelmat\the all-seeing eye\eye.exe"= UDP:C:\ohjelmat\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye|Desc=Yahoo! All-Seeing Eye
"UDP Query User{054753AD-D6BD-4AD3-AE3A-50F79253087E}C:\ohjelmat\the all-seeing eye\eye.exe"= TCP:C:\ohjelmat\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye|Desc=Yahoo! All-Seeing Eye
"{E81BDC2D-B328-4FDD-BF12-26928CDA128D}"= UDP:E:\Pelit\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{1F5686FE-DE5C-4528-8715-2D67D76CE618}"= TCP:E:\Pelit\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{17F26E2B-D7AC-49FD-9066-B2CF37B0231C}C:\ohjelmat\mozilla firefox\firefox.exe"= UDP:C:\ohjelmat\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{86BFC8B6-B0F8-45B1-BE26-904AE82CEB4E}C:\ohjelmat\mozilla firefox\firefox.exe"= TCP:C:\ohjelmat\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{B0F94564-BEC8-4439-831B-97A3334A79DB}C:\ohjelmat\videolan\vlc\vlc.exe"= UDP:C:\ohjelmat\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"UDP Query User{B40990B5-70CF-4FA1-A3C3-19998FFF5063}C:\ohjelmat\videolan\vlc\vlc.exe"= TCP:C:\ohjelmat\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"TCP Query User{54736789-FF98-43DD-BE20-7F597F83B2C5}E:\demot\unreal tournament 3 demo\binaries\ut3demo.exe"= UDP:E:\demot\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo|Desc=UT3Demo
"UDP Query User{E8A882DF-8AC7-4916-8F98-B705F2779A35}E:\demot\unreal tournament 3 demo\binaries\ut3demo.exe"= TCP:E:\demot\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo|Desc=UT3Demo
"TCP Query User{245FA07B-6F9F-48B0-B7D5-103A88C3B20B}E:\pelit\ea games\battlefield 2\bf2.exe"= UDP:E:\pelit\ea games\battlefield 2\bf2.exe:BF2|Desc=BF2
"UDP Query User{60DB45E8-7E34-471A-85F5-5B81766E4B39}E:\pelit\ea games\battlefield 2\bf2.exe"= TCP:E:\pelit\ea games\battlefield 2\bf2.exe:BF2|Desc=BF2
"TCP Query User{74F50E38-29D7-482D-88D2-7950B2F92AE1}E:\pelit\thq\company of heroes\reliccoh.exe"= UDP:E:\pelit\thq\company of heroes\reliccoh.exe:RelicCOH|Desc=RelicCOH
"UDP Query User{083E59BC-55AA-46D3-8905-EE35AD7A7DC1}E:\pelit\thq\company of heroes\reliccoh.exe"= TCP:E:\pelit\thq\company of heroes\reliccoh.exe:RelicCOH|Desc=RelicCOH
"{128415B8-1F7E-4A68-AB36-B6F0DDF05433}"= UDP:E:\Pelit\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{5DEEBCA5-0D38-4773-B12F-5FF3F6F354AF}"= TCP:E:\Pelit\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{DD7E3435-67B0-43C4-8636-C19B365B2F34}E:\pelit\thq\company of heroes\archive.exe"= UDP:E:\pelit\thq\company of heroes\archive.exe:Archive|Desc=Archive
"UDP Query User{C952A581-9AC4-4F5A-B7D6-B3A4816B1B65}E:\pelit\thq\company of heroes\archive.exe"= TCP:E:\pelit\thq\company of heroes\archive.exe:Archive|Desc=Archive
"{36CBCAC0-FFC2-4DC6-8231-EA5E37E50C94}"= UDP:E:\Pelit\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{B4A955D7-D7FA-4FB9-BB69-04A5B9CA2461}"= TCP:E:\Pelit\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"TCP Query User{87BC1C48-86AB-4421-98E6-2751D7A9EAE3}C:\ohjelmat\freshdevices\freshdownload\fdgo.exe"= UDP:C:\ohjelmat\freshdevices\freshdownload\fdgo.exe:fdgo|Desc=fdgo
"UDP Query User{05DD06BD-02FB-4192-B0E9-C7B79E855894}C:\ohjelmat\freshdevices\freshdownload\fdgo.exe"= TCP:C:\ohjelmat\freshdevices\freshdownload\fdgo.exe:fdgo|Desc=fdgo
"TCP Query User{314F15F9-B6B1-4CB0-8577-D47E0A1D27FC}E:\pelit\bohemia interactive\arma\beta\arma.exe"= UDP:E:\pelit\bohemia interactive\arma\beta\arma.exe:ArmA|Desc=ArmA
"UDP Query User{CCA6D4EF-51B6-4D71-AB86-542733722F97}E:\pelit\bohemia interactive\arma\beta\arma.exe"= TCP:E:\pelit\bohemia interactive\arma\beta\arma.exe:ArmA|Desc=ArmA
"{D0DCBA84-9223-4BB3-B1DA-F096F291BE3A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{9D8D4AB1-616B-4D1E-A758-49B0BC160A14}"= UDP:E:\Pelit\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe:Conflict: Denied Ops "{4191E98B-672E-4F0D-9362-E61BEF83B923}"= TCP:E:\Pelit\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe:Conflict: Denied Ops "TCP Query User{03265DBA-BE15-4958-A912-FEBF52E46FF1}C:\lataukset\[pc] tom clancy's splinter cell double agent [rip] [dopeman]\tcscda\scda-offline\system\splintercell4.exe"= UDP:C:\lataukset\[pc] tom clancy's splinter cell double agent [rip] [dopeman]\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4|Desc=SplinterCell4 "UDP Query User{83E4F21F-DB17-4426-B621-A603B2EF25E9}C:\lataukset\[pc] tom clancy's splinter cell double agent [rip] [dopeman]\tcscda\scda-offline\system\splintercell4.exe"= TCP:C:\lataukset\[pc] tom clancy's splinter cell double agent [rip] [dopeman]\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4|Desc=SplinterCell4 "TCP Query User{7993EE74-4839-424E-87E0-80407112CAAE}C:\ohjelmat\mirc\mirc.exe"= UDP:C:\ohjelmat\mirc\mirc.exe:mIRC|Desc=mIRC "UDP Query User{022C72F2-C099-4975-874B-FCB5170A1257}C:\ohjelmat\mirc\mirc.exe"= TCP:C:\ohjelmat\mirc\mirc.exe:mIRC|Desc=mIRC "TCP Query User{88862ADB-3705-45C6-ABFE-8D56A58F1C11}C:\ohjelmat\mirc\mirc crack\mirc.exe"= UDP:C:\ohjelmat\mirc\mirc crack\mirc.exe:mIRC|Desc=mIRC "UDP Query User{295B5D4C-2A94-479B-ACB8-92DEE9ECEB0B}C:\ohjelmat\mirc\mirc crack\mirc.exe"= TCP:C:\ohjelmat\mirc\mirc crack\mirc.exe:mIRC|Desc=mIRC [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080305.002\IDSvix86.sys [2008-02-13 18:18] R1 ntiomin;ntiomin;C:\Windows\system32\drivers\ntiomin.sys [2007-11-17 16:24] R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\ohjelmat\Everest Ultimate\kerneld.wnt [2007-08-19 14:38] R3 
SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55] S1 SysTool;SysTool Overclocking Utility;C:\Windows\system32\DRIVERS\SysTool.sys [2006-11-10 15:08] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-29 17:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33d01593-def1-11dc-a5e2-0018f3cc7ea9}] \shell\AutoRun\command - G:\autorun.exe autorun.hta *Newly Created Service* - AVGASCLN . Contents of the 'Scheduled Tasks' folder "2008-03-03 19:35:31 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Persojet.job" - C:\ohjelmat\Norton AntiVirus\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-06 15:56:12 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C:\\ohjelmat\\NetMeter\\NetMeter.exe"="C:\\ohjelmat\\NetMeter\\NetMeter.exe" . Completion time: 2008-03-06 15:56:50 ComboFix-quarantined-files.txt 2008-03-06 13:56:48 . 2008-03-02 19:34:39 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:16, on 6.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ohjelmat\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe
C:\ohjelmat\SlySoft\AnyDVD\AnyDVDtray.exe
C:\ohjelmat\Fraps\fraps.exe
C:\ohjelmat\NetMeter\NetMeter.exe
C:\Windows\ehome\ehtray.exe
C:\ohjelmat\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\ohjelmat\Everest Ultimate\everest.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\ohjelmat\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Persojet\Desktop\Selain\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\ohjelmat\FreshDevices\FreshDownload\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\ohjelmat\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\ohjelmat\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\ohjelmat\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\ohjelmat\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKCU\..\Run: [AnyDVD] C:\ohjelmat\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Fraps] C:\OHJELMAT\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\ohjelmat\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [C:\ohjelmat\NetMeter\NetMeter.exe] C:\ohjelmat\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\ohjelmat\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FreshDownload - {50462A2A-9E5D-4BDA-AAF8-EC0B32036768} - C:\ohjelmat\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ohjelmat\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\ohjelmat\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\ohjelmat\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8244 bytes
Download Atribune's ATF Cleaner. Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main, select: Select All. Click the Empty Selected button.
If you use Firefox as your browser, click Firefox at the top and select: Select All. Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser, click Opera at the top and select: Select All. Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available by double-clicking the e-mail address located below each menu in that tool. (Note that the support is then in English.)