Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:46:24, on 21.4.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\ProgramData\bghpznsq\ingfyryv.exe C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll O1 - Hosts: ::1 localhost O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - 
HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [bghpznsq] C:\ProgramData\bghpznsq\ingfyryv.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe O4 - Global Startup: WirelessSelector.lnk = ? 
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet 
Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 7972 bytes
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
========
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Well, it found something. This is what it always complains about when it crashes and the blue screen comes up:
R3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 12:53]
And here's the rest:
ComboFix 08-05-08.1 - Esprimo 2008-05-09 11:48:23.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1035.18.230 [GMT 3:00] Running from: C:\Users\Esprimo\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-09 to 2008-05-09 ))))))))))))))))) . 2008-05-07 19:00 . 2008-05-07 19:03 1,070 --a------ C:\MIDNIGHT.CLUB.2.V1.0.ENG.RAZOR1911.NOCD.ZIP 2008-05-07 18:46 . 2008-05-07 18:46 <KANSIO> d-------- C:\Program Files\Rockstar Games 2008-05-07 17:02 . 2008-05-07 17:05 <KANSIO> d-------- C:\Users\All Users\Adobe 2008-05-07 16:59 . 2008-05-07 17:03 <KANSIO> d-------- C:\Program Files\Common Files\Adobe 2008-05-03 15:22 . 2008-05-03 15:22 <KANSIO> d-------- C:\Users\Esprimo\Program Files 2008-05-03 00:36 . 2008-05-03 00:36 <KANSIO> d-------- C:\Program Files\BitTorrent 2008-05-02 23:26 . 2008-05-02 23:27 531,768 --a------ C:\WindowsXP-KB922120-v5-x86-FIN.exe 2008-05-02 22:52 . 2008-05-02 22:52 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\PeerNetworking 2008-05-02 18:44 . 2008-05-06 12:39 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\BitTorrent 2008-05-02 18:42 . 2008-05-09 11:52 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\DNA 2008-05-02 18:42 . 2008-05-02 18:42 <KANSIO> d-------- C:\Program Files\DNA 2008-04-30 12:45 . 2008-04-30 12:47 4,178,432 --a------ C:\Nokia_Connectivity_Cable_Driver_rel_6_86_11_0_eng.msi 2008-04-30 12:45 . 2008-04-30 12:45 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-24 23:22 . 2008-04-24 23:22 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music 2008-04-23 19:32 . 2008-05-08 23:39 109,091,263 --a------ C:\Windows\MEMORY.DMP 2008-04-22 13:31 . 
2008-04-22 13:31 <KANSIO> d-------- C:\Program Files\CCleaner 2008-04-21 17:40 . 2008-04-21 17:40 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\Malwarebytes 2008-04-21 17:39 . 2008-04-21 17:39 <KANSIO> d-------- C:\Users\All Users\Malwarebytes 2008-04-21 17:39 . 2008-04-21 17:39 <KANSIO> d-------- C:\ProgramData\Malwarebytes 2008-04-21 17:39 . 2008-04-21 17:40 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-21 17:14 . 2008-04-21 17:33 <KANSIO> d-------- C:\Program Files\ComboFix 2008-04-21 15:44 . 2008-04-21 15:44 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-04-19 10:52 . 2008-04-19 10:52 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\Nero 2008-04-19 10:44 . 2008-04-19 10:44 <KANSIO> d-------- C:\Users\All Users\Nero 2008-04-19 10:44 . 2008-04-19 10:44 <KANSIO> d-------- C:\ProgramData\Nero 2008-04-19 10:44 . 2008-04-19 10:49 <KANSIO> d-------- C:\Program Files\Common Files\Nero 2008-04-18 20:00 . 2008-04-18 20:00 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\BSplayer Pro 2008-04-18 20:00 . 2008-04-26 17:41 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\BSplayer 2008-04-18 20:00 . 2008-04-18 20:00 <KANSIO> d-------- C:\Program Files\Webteh 2008-04-17 17:50 . 2008-04-17 17:50 <KANSIO> d-------- C:\Program Files\Gabest 2008-04-17 17:39 . 2008-04-17 17:39 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\CyberLink 2008-04-17 17:25 . 2008-04-17 17:37 <KANSIO> d-------- C:\Users\All Users\CyberLink 2008-04-17 17:25 . 2008-04-17 17:37 <KANSIO> d-------- C:\ProgramData\CyberLink 2008-04-17 17:17 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll 2008-04-17 17:14 . 2008-04-17 17:16 <KANSIO> d-------- C:\Program Files\CyberLink 2008-04-14 18:02 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Searches 2008-04-14 18:01 . 2008-04-14 18:01 <KANSIO> dr------- C:\Users\Administrator\Contacts 2008-04-14 18:01 . 
2008-04-14 18:01 <KANSIO> d-------- C:\Users\Administrator\AppData\Roaming\PC Suite 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Videos 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Saved Games 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Pictures 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Music 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Links 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Downloads 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> dr------- C:\Users\Administrator\Documents 2008-04-14 18:00 . 2008-04-14 18:02 <KANSIO> d--h----- C:\Users\Administrator\AppData 2008-04-14 18:00 . 2008-04-14 18:11 <KANSIO> d-------- C:\Users\Administrator 2008-04-14 18:00 . 2008-04-14 18:00 524,288 --ahs---- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms 2008-04-14 18:00 . 2008-04-14 18:00 524,288 --ahs---- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms 2008-04-14 18:00 . 2008-05-09 11:48 262,144 --ah----- C:\Users\Administrator\ntuser.dat.LOG1 2008-04-14 18:00 . 2008-04-14 18:00 65,536 --ahs---- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf 2008-04-14 18:00 . 2008-04-14 18:00 0 --ah----- C:\Users\Administrator\ntuser.dat.LOG2 2008-04-14 17:52 . 2008-04-14 17:54 196,608 --a------ C:\Users\Esprimo\[ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe 2008-04-14 00:51 . 2008-04-14 00:51 <KANSIO> d-------- C:\MP_ROOT 2008-04-14 00:45 . 2008-04-14 00:45 <KANSIO> d-------- C:\Users\Esprimo\AppData\Roaming\Ahead 2008-04-13 18:36 . 2008-04-17 17:35 <KANSIO> d-------- C:\Program Files\DAEMON Tools 2008-04-13 18:29 . 2008-04-13 18:29 646,392 --a------ C:\Windows\System32\drivers\sptd.sys 2008-04-12 17:29 . 
2008-04-12 17:30 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight 2008-04-11 07:46 . 2000-05-15 19:47 432,128 --a------ C:\Program Files\MRABBI.EXE 2008-04-11 07:46 . 1998-06-07 15:01 21,648 --a------ C:\Windows\system\CTL3DV2.DLL 2008-04-11 07:46 . 1998-07-31 15:01 19,904 --a------ C:\Program Files\_ISREG16.DLL 2008-04-11 07:46 . 2008-04-11 07:46 0 --a------ C:\Windows\PROTOCOL.INI 2008-04-11 07:45 . 2008-04-11 07:46 <KANSIO> d-------- C:\Program Files\JAELISTA 2008-04-11 07:45 . 2008-04-11 07:46 <KANSIO> d-------- C:\Program Files\HELPIT 2008-04-11 07:45 . 2008-04-11 07:46 <KANSIO> d-------- C:\Program Files\DATA 2008-04-11 07:45 . 1998-02-06 22:25 259,072 --a------ C:\Windows\UN16040B.EXE 2008-04-11 07:45 . 1995-07-13 19:43 26,768 --a------ C:\Windows\system\CTL3D.DLL 2008-04-11 06:09 . 2008-04-26 00:42 <KANSIO> d-------- C:\Temp 2008-04-11 05:25 . 2008-04-11 05:25 <KANSIO> d-------- C:\Program Files\Xilisoft 2008-04-11 00:36 . 2008-04-21 18:46 <KANSIO> d-------- C:\Users\All Users\oxunstcz 2008-04-11 00:36 . 2008-04-21 18:46 <KANSIO> d-------- C:\Users\All Users\bghpznsq 2008-04-11 00:36 . 2008-04-21 18:46 <KANSIO> d-------- C:\ProgramData\oxunstcz 2008-04-11 00:36 . 2008-04-21 18:46 <KANSIO> d-------- C:\ProgramData\bghpznsq 2008-04-09 22:20 . 2008-02-15 02:19 944,184 --a------ C:\Windows\System32\winload.exe 2008-04-09 22:20 . 2008-02-19 08:10 620,088 --a------ C:\Windows\System32\ci.dll 2008-04-09 22:20 . 2008-02-29 09:39 371,712 --a------ C:\Windows\System32\srcore.dll 2008-04-09 22:20 . 2008-02-29 09:38 313,856 --a------ C:\Windows\System32\rstrui.exe 2008-04-09 22:20 . 2008-02-29 09:39 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 22:20 . 2008-02-29 09:51 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 22:20 . 2008-02-29 09:38 16,384 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 22:20 . 2008-02-29 09:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll 2008-04-09 22:20 . 
2008-02-29 09:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 17:13 . 2008-02-21 07:43 296,448 --a------ C:\Windows\System32\gdi32.dll 2008-04-09 17:10 . 2008-02-29 07:16 2,027,008 --a------ C:\Windows\System32\win32k.sys 2008-04-09 17:09 . 2007-12-16 14:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll 2008-04-09 17:09 . 2007-12-16 14:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe 2008-04-09 00:09 . 2008-04-09 00:09 <KANSIO> d-------- C:\Users\All Users\Winamp Toolbar 2008-04-09 00:09 . 2008-04-09 00:09 <KANSIO> d-------- C:\ProgramData\Winamp Toolbar 2008-04-09 00:09 . 2008-04-09 00:09 <KANSIO> d-------- C:\Program Files\Winamp Toolbar . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-07 16:25 --------- d-----w C:\Users\Esprimo\AppData\Roaming\Microgaming 2008-05-07 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-06 19:08 --------- d-----w C:\Users\Esprimo\AppData\Roaming\Winamp 2008-04-30 09:49 --------- d-----w C:\Program Files\Nokia 2008-04-19 07:44 --------- d-----w C:\Program Files\Nero 2008-04-18 21:20 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-17 14:13 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-11 04:47 25,114 ----a-w C:\Program Files\DEISL1.ISU 2008-04-10 21:35 --------- d-----w C:\Users\Esprimo\AppData\Roaming\F-Secure 2008-04-09 23:53 --------- d-----w C:\Program Files\Windows Mail 2008-04-08 21:10 --------- d-----w C:\Program Files\Winamp 2008-04-08 16:13 --------- d-----w C:\Users\Esprimo\AppData\Roaming\Nokia Multimedia Player 2008-04-08 11:19 --------- d-----w C:\Program Files\F-Secure Internet Security 2008-04-05 13:57 --------- d-----w C:\Users\Esprimo\AppData\Roaming\Nokia 2008-04-02 16:48 --------- d-----w C:\Program Files\MSXML 4.0 2008-04-01 19:25 --------- d-----w C:\Program Files\AC3Filter 2008-04-01 18:57 --------- d-----w C:\Program Files\ffdshow 2008-04-01 
17:54 --------- d-----w C:\Program Files\LEAD Technologies, Inc 2008-03-31 20:37 --------- d-----w C:\ProgramData\PC Suite 2008-03-31 20:14 --------- d-----w C:\Users\Esprimo\AppData\Roaming\PC Suite 2008-03-31 20:05 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-03-31 20:05 --------- d-----w C:\Program Files\Common Files\Nokia 2008-03-31 20:00 --------- d-----w C:\ProgramData\Downloaded Installations 2008-03-31 18:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-31 18:27 --------- d-----w C:\Program Files\Windows Live 2008-03-31 17:58 --------- d-----w C:\ProgramData\WLInstaller 2008-03-31 17:23 --------- d-----w C:\Program Files\DC++ 2008-03-31 16:11 --------- d-----w C:\Program Files\MP4 Player 2008-03-31 15:09 --------- d-----w C:\Program Files\Xvid 2008-03-31 12:22 --------- d-----w C:\Program Files\Option 2008-03-27 18:36 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-03-27 18:36 --------- d-----w C:\Program Files\Windows Defender 2008-03-27 18:36 --------- d-----w C:\Program Files\Windows Collaboration 2008-03-27 18:36 --------- d-----w C:\Program Files\Windows Calendar 2008-03-27 12:04 --------- d-----w C:\Program Files\Windows Sidebar 2008-03-27 12:03 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys 2008-03-27 11:55 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-03-27 11:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-03-27 11:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-03-27 11:55 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-03-27 11:53 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-03-27 11:53 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-03-27 11:53 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2008-03-27 11:53 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-03-27 11:53 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-03-27 11:53 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-03-27 11:53 2,048 
----a-w C:\Windows\System32\msxml6r.dll 2008-03-27 11:53 2,048 ----a-w C:\Windows\System32\msxml3r.dll 2008-03-27 11:53 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-03-27 11:53 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-03-27 11:53 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2008-03-27 11:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-03-27 11:53 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2008-03-27 11:52 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-03-27 11:33 905,400 ----a-w C:\Windows\System32\winresume.exe 2008-03-27 11:32 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-03-27 11:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-03-27 11:31 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2008-03-27 11:31 8,704 ----a-w C:\Windows\System32\hccoin.dll 2008-03-27 11:31 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys 2008-03-27 11:31 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys 2008-03-27 11:31 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys 2008-03-27 11:31 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys 2008-03-27 11:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-03-27 11:31 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-03-27 11:31 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys 2008-03-27 11:31 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys 2008-03-27 11:30 57,856 ----a-w C:\Windows\System32\SLUINotify.dll 2008-03-27 11:30 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll 2008-03-27 11:30 39,936 ----a-w C:\Windows\System32\slcinst.dll 2008-03-27 11:30 351,232 ----a-w C:\Windows\System32\SLUI.exe 2008-03-27 11:30 33,280 ----a-w C:\Windows\System32\slwmi.dll 2008-03-27 11:30 268,288 ----a-w C:\Windows\System32\mcbuilder.exe 2008-03-27 11:30 223,232 ----a-w C:\Windows\System32\SLC.dll 2008-03-27 11:30 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe 2008-03-27 11:30 186,368 ----a-w C:\Windows\System32\SLLUA.exe 2008-03-27 11:29 537,600 
----a-w C:\Windows\AppPatch\AcLayers.dll 2008-03-27 11:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-03-27 11:29 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-03-27 11:29 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-03-27 11:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-03-27 11:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-03-27 11:29 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-03-27 11:28 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-03-27 11:28 788,992 ----a-w C:\Windows\System32\rpcrt4.dll 2008-03-27 11:28 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-03-27 11:28 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-03-27 11:28 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-03-27 11:25 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-27 11:25 --------- d-----w C:\ProgramData\F-Secure 2008-03-27 11:22 750,080 ----a-w C:\Windows\System32\qmgr.dll 2008-03-27 11:22 --------- d-----w C:\ProgramData\fssg 2008-03-27 11:01 80,896 ----a-w C:\Windows\System32\wudriver.dll 2008-03-27 11:01 549,720 ----a-w C:\Windows\System32\wuapi.dll 2008-03-27 11:01 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2008-03-27 11:01 43,352 ----a-w C:\Windows\System32\wups2.dll 2008-03-27 11:01 33,624 ----a-w C:\Windows\System32\wups.dll 2008-03-27 11:01 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2008-03-27 11:01 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2008-03-27 11:00 31,232 ----a-w C:\Windows\System32\wuapp.exe . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-04-21_17.32.37,38 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-21 13:59:20 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-05-09 04:12:19 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-09 23:53:02 51,200 ----a-w C:\Windows\inf\infpub.dat + 2008-04-29 10:49:13 51,200 ----a-w C:\Windows\inf\infpub.dat - 2008-04-09 23:53:02 86,016 ----a-w C:\Windows\inf\infstor.dat + 2008-04-29 10:49:13 86,016 ----a-w C:\Windows\inf\infstor.dat - 2008-04-09 23:51:59 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2008-04-29 10:49:12 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2008-04-30 09:50:07 3,262 ----a-r C:\Windows\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe + 2008-05-07 14:05:00 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1035-7B44-A81200000003}\SC_Reader.exe - 2008-04-21 13:59:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-05-08 20:39:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-04-21 13:59:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-05-08 20:39:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-04-21 14:14:51 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-05-09 08:12:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-21 14:05:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-08 20:42:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-04-21 14:16:18 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-05-09 08:47:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-21 14:05:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-08 20:42:52 262,144 --sha-w 
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-08 20:42:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-04-21 13:09:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-09 07:49:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-21 13:09:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-09 07:49:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-21 13:09:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-09 07:49:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-21 14:17:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-05-09 08:48:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2007-11-29 07:39:42 16,896 ----a-w C:\Windows\System32\drivers\ccdcmb.sys + 2007-11-29 07:39:40 19,328 ----a-w C:\Windows\System32\drivers\ccdcmbo.sys + 2006-11-02 08:55:05 28,160 ----a-w C:\Windows\System32\drivers\usbser.sys + 2007-11-29 07:39:42 8,064 ----a-w C:\Windows\System32\drivers\usbser_lowerflt.sys + 2007-11-29 07:39:52 8,064 ----a-w C:\Windows\System32\drivers\usbser_lowerfltj.sys + 2007-11-29 07:39:42 16,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_e2dc4c9b\ccdcmb.sys + 2007-11-29 07:32:38 48,128 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_e2dc4c9b\nmwcdcls.dll + 2007-11-29 07:39:44 95,744 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_e2dc4c9b\nmwcdcocls.dll + 2007-11-29 07:33:04 1,419,232 ----a-w 
C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_e2dc4c9b\wdfcoinstaller01005.dll + 2007-11-29 07:39:52 8,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmbcj.inf_46729562\usbser_lowerfltj.sys + 2007-11-29 07:39:42 8,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmbm.inf_3be3d500\usbser_lowerflt.sys + 2007-11-29 07:39:40 19,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\ccdcmbo.inf_e2175102\ccdcmbo.sys - 2008-04-09 23:55:34 229,064 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-04-24 20:35:47 229,064 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-05-02 16:25:50 2,456 ----a-w C:\Windows\System32\networklist\icons\{99921B0A-1079-4B7D-A105-A1DC90FFB54D}_24.bin + 2008-05-02 16:25:51 4,280 ----a-w C:\Windows\System32\networklist\icons\{99921B0A-1079-4B7D-A105-A1DC90FFB54D}_32.bin + 2008-05-02 16:25:51 9,560 ----a-w C:\Windows\System32\networklist\icons\{99921B0A-1079-4B7D-A105-A1DC90FFB54D}_48.bin - 2006-05-29 05:26:36 50,688 ----a-w C:\Windows\System32\nmwcdcls.dll + 2007-11-29 07:32:38 48,128 ----a-w C:\Windows\System32\nmwcdcls.dll - 2006-05-29 05:26:36 30,720 ----a-w C:\Windows\System32\nmwcdcocls.dll + 2007-11-29 07:39:44 95,744 ----a-w C:\Windows\System32\nmwcdcocls.dll - 2008-04-18 16:11:52 106,908 ----a-w C:\Windows\System32\perfc009.dat + 2008-05-05 17:46:37 106,908 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-18 16:11:52 86,880 ----a-w C:\Windows\System32\perfc00B.dat + 2008-05-05 17:46:37 86,880 ----a-w C:\Windows\System32\perfc00B.dat - 2008-04-18 16:11:52 616,832 ----a-w C:\Windows\System32\perfh009.dat + 2008-05-05 17:46:37 616,832 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-18 16:11:52 466,232 ----a-w C:\Windows\System32\perfh00B.dat + 2008-05-05 17:46:37 466,232 ----a-w C:\Windows\System32\perfh00B.dat + 2007-11-29 07:33:04 1,419,232 ----a-w C:\Windows\System32\wdfcoinstaller01005.dll - 2008-04-21 14:06:25 5,676 ----a-w 
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1874232849-1002673451-3882956736-1000_UserData.bin + 2008-05-08 20:42:26 6,204 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1874232849-1002673451-3882956736-1000_UserData.bin - 2008-04-21 14:06:24 53,846 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-08 20:42:26 55,768 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-17 19:32:54 4,488 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat + 2008-05-01 12:17:46 4,488 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-04-21 12:04:18 32,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-08 13:12:37 33,972 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-04-18 16:47:04 231,952 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-05-09 04:12:28 249,508 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2008-04-10 15:38:36 54,546 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-05-04 19:40:38 70,094 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin . -- Snapshot reset to current date -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2008-03-20 01:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-27 14:52 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592] "BitTorrent DNA"="C:\Users\Esprimo\Program Files\DNA\btdna.exe" [2008-05-03 15:22 288576] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:34 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-23 15:41 1006264] "SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-08-14 14:29 552960] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 20:26 4702208 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 14:22 1826816 C:\Windows\SkyTel.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
[2007-05-10 20:48 869936] "TouchPadHotKey"="C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 14:47 364544] "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 16:12 183208] "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 16:11 740208] "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12 2658304] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 15:51:02 864256] WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-03-27 12:15:43 650752] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "LogonHoursAction"= 2 (0x2) "DontDisplayLogonHoursWarnings"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm "msacm.ac3filter"= ac3filter.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{E47752EA-08E8-487D-AEEE-0638619F6DB1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{782EA554-8F43-4F78-B7A5-EA728778457F}C:\\program files\\dc++\\dcplusplus.exe"= 
UDP:C:\program files\dc++\dcplusplus.exeC++ "UDP Query User{0D4414A8-3613-4E48-ACD2-162E3C6AE911}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++ "TCP Query User{4A0D6948-357E-4ADC-870D-BB958396703E}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{F81CC65E-ED11-4041-B6AD-722EB797B10D}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime "TCP Query User{0E7FA418-801A-46B8-82E4-146ABF788B52}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "UDP Query User{F06A0747-DDB5-4514-B2B7-9B4E5DF6BC80}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "{80BCD932-7E57-4F0F-92D7-EB5C2BBCE644}"= UDP:C:\Program Files\DNA\btdna.exeNA "{7A44EAA1-CE06-4397-A3FA-1C668A5EDD3E}"= TCP:C:\Program Files\DNA\btdna.exeNA "{EF09376E-EF8E-4098-8F90-9FD4A8CC609A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{583E44BD-BB7F-446B-8C8A-F8F24D2D3404}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP Query User{22F011F6-3678-4FCB-814E-60BE3E38B156}C:\\users\\esprimo\\saved games\\warcraft iii\\war3.exe"= UDP:C:\users\esprimo\saved games\warcraft iii\war3.exe:war3.exe "UDP Query User{7649277D-9462-4A0D-AADB-553DD76BC330}C:\\users\\esprimo\\saved games\\warcraft iii\\war3.exe"= TCP:C:\users\esprimo\saved games\warcraft iii\war3.exe:war3.exe "TCP Query User{3A075176-738C-49DD-99E6-7439C505BBA2}C:\\program files\\dna\\btdna.exe"= UDP:C:\program files\dna\btdna.exeNA "UDP Query User{31A587C0-20FA-49F8-94C5-278BE5785949}C:\\program files\\dna\\btdna.exe"= TCP:C:\program files\dna\btdna.exeNA "TCP Query User{1196444D-531F-4F5E-AA82-D15D2778CF5B}C:\\users\\esprimo\\saved games\\warcraft iii\\war3.exe"= 
UDP:C:\users\esprimo\saved games\warcraft iii\war3.exe:war3.exe "UDP Query User{0E883F63-2FAD-43E2-A82D-A811AA46F925}C:\\users\\esprimo\\saved games\\warcraft iii\\war3.exe"= TCP:C:\users\esprimo\saved games\warcraft iii\war3.exe:war3.exe "TCP Query User{66F7BCE5-6032-4017-9C97-3C4A85494026}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{F44B9AFA-8F31-4D7B-9B5E-203AFC7876CD}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "TCP Query User{C982AD98-FDD5-4ED7-AAC8-4786C24032F4}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{A1F7A860-F87D-4E3D-B053-679F47CE2CB6}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-03-27 15:00] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-05-25 16:09] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-27 15:03] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2007-05-25 16:08] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 
16:51] R2 GtDetectSc;GtDetectSc;"C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe" [2007-12-18 11:48] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 06:48] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 16:08] R3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 15:50] R3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 12:53] R3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 12:38] R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-14 14:30] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 11:04] S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [] S3 upperdev;upperdev;C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 16:09] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 16:09] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f69b5ff-0af7-11dd-a72f-00f1d000f1d0}] \shell\AutoRun\command - E:\autorun.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bcc2e64-ff1c-11dc-b173-806e6f6e6963}] \shell\AutoRun\command - E:\setup.exe AUTORUN=1 . 
'Ajoitetut tehtävät'-kansion sisältö "2008-05-09 00:05:05 C:\Windows\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-09 11:57:11 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-09 12:03:12 ComboFix-quarantined-files.txt 2008-05-09 09:02:59 Pre-Run: 42,926,571,520 tavua vapaana Post-Run: 42,921,840,640 tavua vapaana 404 --- E O F --- 2008-05-06 19:44:21
Check your computer with F-Secure's online scanner. Note: the scanner works only with the Internet Explorer browser.

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option", select Scan whole system
  o Under "Other Scan Option", select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the necessary files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into, for example, Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

Do not do anything else, as it can cause the computer to freeze.
Well, I have now tried the OLS; just now was the sixth time, and I really have been patient, but I always get the id25 error message. I tried changing the ActiveX-related settings in the Internet options, but that made no difference either. The last time, the computer crashed in the middle of the scan, and every time the following information has come up to help describe the problem:

Ongelman tunniste:
Ongelmatapahtuman nimi: BlueScreen
Käyttöjärjestelmän versio: 6.0.6000.2.0.0.768.2
Lokaalin tunnus: 1035

Lisätietoja ongelmasta:
BCCode: d1
BCP1: 00000000
BCP2: 00000002
BCP3: 00000000
BCP4: 88B910DC
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Ongelman kuvausta helpottavat tiedostot:
C:\Windows\Minidump\Mini051108-01.dmp
C:\Users\Esprimo\AppData\Local\Temp\WER-361828-0.sysdata.xml
C:\Users\Esprimo\AppData\Local\Temp\WERA8BC.tmp.version.txt

Lue tietosuojatiedot:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x040b

What else can I do?
Download RegSeeker.zip to the desktop.

Extract the zip into the C:\RegSeeker\ folder. From there, start the RegSeeker.exe program. In the top right corner there is a Languages.... link, from which you select Finnish. In the bottom left corner, tick Luo varmuuskopio (Create backup) and then click the Puhdista rekisteri (Clean the registry) link. Tick all the other items except "Käyttökelvottomat.." (Unusable..), then "OK" (wait a moment). A list of invalid registry entries appears on the screen; from Valitse (Select) in the bottom bar, click Valitse kaikki (Select all), after which the selected entries get a yellow background. From the Toiminnot (Actions) link in the bottom bar, click Poista valitut kohteet (Delete selected items). In the pop-up "Kaikki valitut kohteet poistetaan ?" (All selected items will be deleted?), answer "OK". In the next pop-up, "Varmuuskopiot" (Backups), answer "OK". On the left, click Lopeta RegSeeker (Exit RegSeeker) and restart your computer.

==============

A repair installation would be worth trying, since the operating system is acting up over there.