Kone tahmaa jälleen kerran

Joo eli mulla on sellanen ongelma taas kerran, että kun avaan mozillan tai jonkun ohjelman/kansion niin siinä kestää aika kauan että se aukeaa ja se aukeaa silleen lagivasti vähän niinkun. Tässä tämä HJT-loki jos joku asiantunteva henkilö voisi katsoa ja koittaa neuvoa koneen putsauksessa/eheytyksessä.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:43:11, on 1.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [HistoryKill] "C:\Program Files\HistoryKill 2007\histkill.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208413359640
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4136 bytes

 

Lataa Deckard's System Scanner
Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä main.txt ja extra.txt sisältö seuraavaan vastaukseesi.

 

Deckard's System Scanner v20071014.68
Run by Kepi on 2008-05-01 10:12:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-05-01 07:12:12 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-04-27 16:14:39 UTC - RP3 - ComboFix created restore point
2: 2008-04-27 16:10:06 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-04-27 16:09:04 UTC - RP1 - Järjestelmän tarkistuspiste


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as TINO.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:27, on 1.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\TINO\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TINO.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [HistoryKill] "C:\Program Files\HistoryKill 2007\histkill.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208413359640
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4158 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080418-142258-985 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
backup-20080418-142312-625 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
backup-20080418-142332-769 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
backup-20080427-194353-194 O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP%20(Universal)%20V2[1]\FauxS-XP (Universal) V2 - 67.ico
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP%20(Universal)%20V2[1]\FauxS-XP (Universal) V2 - 68.ico
.chm - chm.file - DefaultIcon - unable to read value
.hlp - hlpfile - DefaultIcon - unable to read value
.inf - inffile - DefaultIcon - unable to read value
.ini - inifile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP%20(Universal)%20V2[1]\FauxS-XP (Universal) V2 - 64.ico
.txt - txtfile - DefaultIcon - C:\WINDOWS\Icons\FauxS-XP%20(Universal)%20V2[1]\FauxS-XP (Universal) V2 - 60.ico


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 NVXBAR (nVidia WDM A/V Crossbar) - c:\windows\system32\drivers\nvxbar.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 17:15:00 374 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 10:07:20 0 dr-h----- C:\Documents and Settings\Kepi\Recent
2008-04-24 14:45:27 0 d-------- C:\Documents and Settings\Kepi\Application Data\Malwarebytes
2008-04-24 14:45:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 14:45:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 14:36:11 0 d-------- C:\WINDOWS\ERUNT
2008-04-20 19:34:40 0 d-------- C:\Documents and Settings\Kepi\Application Data\teamspeak2
2008-04-20 10:55:29 0 d-------- C:\WINDOWS\pss
2008-04-19 09:53:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-19 09:53:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-18 14:02:10 0 d-------- C:\Documents and Settings\Kepi\Application Data\AVG7
2008-04-18 14:02:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 14:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 11:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-18 11:02:40 0 d-------- C:\Documents and Settings\Kepi\Application Data\Grisoft
2008-04-18 10:57:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-18 10:57:05 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-17 23:26:17 0 d-------- C:\Documents and Settings\Kepi\Application Data\Ubisoft
2008-04-17 23:26:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-17 23:23:14 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-17 18:08:31 0 d-------- C:\Program Files\Defraggler
2008-04-17 17:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-04-17 17:35:11 0 d-------- C:\Documents and Settings\Kepi\Application Data\GRETECH
2008-04-17 17:35:01 0 d-------- C:\Program Files\GRETECH
2008-04-17 15:46:11 0 d--h----- C:\WINDOWS\Icons
2008-04-17 15:43:37 0 d-------- C:\Documents and Settings\Kepi\Application Data\TuneUp Software
2008-04-17 15:25:19 0 d-------- C:\Program Files\Common Files\Stardock
2008-04-17 14:25:03 68096 --a------ C:\WINDOWS\zip.exe
2008-04-17 14:25:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-17 14:25:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-17 14:25:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-17 14:25:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-17 14:25:03 98816 --a------ C:\WINDOWS\sed.exe
2008-04-17 14:25:03 80412 --a------ C:\WINDOWS\grep.exe
2008-04-17 14:25:03 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-17 12:45:15 0 d-------- C:\Program Files\uTorrent
2008-04-17 12:45:12 0 d-------- C:\Documents and Settings\Kepi\Application Data\uTorrent
2008-04-17 12:34:29 0 d-------- C:\Program Files\Trend Micro
2008-04-17 10:55:32 0 d-------- C:\Program Files\DC++
2008-04-17 09:17:58 1076 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-17 09:15:17 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-17 09:15:17 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-17 09:15:17 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-17 09:15:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-17 09:15:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-17 09:15:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-17 09:15:07 0 d-------- C:\Documents and Settings\Kepi\SmitfraudFix
2008-04-17 09:03:52 0 d-------- C:\Program Files\MSXML 4.0
2008-04-16 23:44:06 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-16 23:39:51 0 d-------- C:\Program Files\Microsoft Games
2008-04-16 21:19:48 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-16 21:14:08 0 d-------- C:\Program Files\World of Warcraft
2008-04-16 20:12:23 0 d-------- C:\WINDOWS
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\WinSxS
2008-04-16 20:12:23 0 dr------- C:\WINDOWS\Web
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\twain_32
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\wins
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\wbem
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\usmt
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\spool
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\Setup
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\ras
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\oobe
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\npp
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\mui
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\IME
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\ias
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\export
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\drivers
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-16 20:12:23 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\config
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\3076
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\2052
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1054
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1042
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1041
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1037
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1035
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1033
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1031
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1028
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system32\1025
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\system
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\security
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Resources
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\repair
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\mui
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\msapps
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\msagent
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Media
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\java
2008-04-16 20:12:23 0 d--h----- C:\WINDOWS\inf
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\ime
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Help
2008-04-16 20:12:23 0 dr--s---- C:\WINDOWS\Fonts
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Driver Cache
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Debug
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Cursors
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\Config
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\AppPatch
2008-04-16 20:12:23 0 d-------- C:\WINDOWS\addins
2008-04-16 20:02:11 0 d-------- C:\Program Files\CCleaner
2008-04-16 19:53:50 0 d-------- C:\Documents and Settings\Kepi\Application Data\WinRAR
2008-04-16 19:47:47 0 d-------- C:\Documents and Settings\Kepi\DoctorWeb
2008-04-16 19:37:02 0 d-------- C:\Documents and Settings\Kepi\Contacts
2008-04-16 19:32:52 0 d-------- C:\WINDOWS\HistoryKill
2008-04-16 19:32:52 0 d-------- C:\Program Files\HistoryKill 2007
2008-04-16 19:18:59 0 d-------- C:\Program Files\Java
2008-04-16 19:18:58 0 d-------- C:\Program Files\Common Files\Java
2008-04-16 19:17:20 0 d-------- C:\Documents and Settings\Kepi\Application Data\Sun
2008-04-16 19:16:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-16 19:15:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-16 19:15:09 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-16 19:09:29 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-16 19:08:44 0 d-------- C:\Documents and Settings\Kepi\Application Data\Adobe
2008-04-16 19:07:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-16 19:07:25 0 d-------- C:\Documents and Settings\Kepi\Application Data\Mozilla
2008-04-16 19:05:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-16 19:05:40 0 d-------- C:\Program Files\Windows Live
2008-04-16 19:05:31 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-16 18:46:01 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-16 18:46:00 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-16 18:46:00 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-16 18:45:55 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-16 18:45:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-16 18:29:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-16 18:24:59 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-16 18:19:44 0 d-------- C:\Documents and Settings\Kepi\Application Data\Comodo
2008-04-16 18:19:43 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-16 18:19:42 0 d-------- C:\Program Files\COMODO
2008-04-16 18:17:33 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-16 18:17:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-16 18:17:29 0 dr------- C:\Program Files
2008-04-16 18:17:29 0 d-------- C:\Program Files\Common Files
2008-04-16 18:17:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-16 18:17:14 0 d--h----- C:\Documents and Settings\Default User\Verkkoympäristö
2008-04-16 18:17:14 0 d-------- C:\Documents and Settings\Default User\Työpöytä
2008-04-16 18:17:14 0 d--h----- C:\Documents and Settings\Default User\Tulostinympäristö
2008-04-16 18:17:14 0 d-------- C:\Documents and Settings\Default User\Suosikit
2008-04-16 18:17:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-16 18:17:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-16 18:17:14 0 d--h----- C:\Documents and Settings\Default User\Mallit
2008-04-16 18:17:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-16 18:17:14 0 dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-04-16 18:17:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-16 18:17:14 0 d-------- C:\Documents and Settings\All Users\Työpöytä
2008-04-16 18:17:14 0 dr------- C:\Documents and Settings\All Users\Tiedostot
2008-04-16 18:17:14 0 d-------- C:\Documents and Settings\All Users\Suosikit
2008-04-16 18:17:14 0 d--h----- C:\Documents and Settings\All Users\Mallit
2008-04-16 18:17:14 0 dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-04-16 18:17:04 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-16 18:17:04 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-16 18:16:58 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-16 18:16:58 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-16 18:16:58 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-16 18:16:58 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-16 18:16:44 0 d-------- C:\Documents and Settings
2008-04-16 18:09:01 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-16 18:04:20 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-16 18:02:20 0 d-------- C:\WINDOWS\nview
2008-04-16 18:01:58 0 d-------- C:\NVIDIA
2008-04-16 17:56:21 0 d-------- C:\Documents and Settings\Kepi\Application Data\Macromedia
2008-04-16 17:53:49 45056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-04-16 17:53:43 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-16 17:51:17 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-16 17:50:49 0 d-------- C:\Program Files\Realtek Sound Manager
2008-04-16 17:50:47 0 d-------- C:\Program Files\AvRack
2008-04-16 17:50:38 0 d-------- C:\Program Files\Realtek AC97
2008-04-16 17:50:26 315392 -r------- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-04-16 17:49:24 0 d-------- C:\WINDOWS\OPTIONS
2008-04-16 17:47:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 17:46:04 0 d-------- C:\Program Files\VIA
2008-04-16 17:45:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-16 17:41:40 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-16 17:41:15 0 d---s---- C:\Documents and Settings\Kepi\UserData
2008-04-16 17:39:01 0 d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-04-16 17:38:40 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-16 17:38:36 0 d-------- C:\WINDOWS\Prefetch
2008-04-16 17:37:21 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-16 17:34:40 0 d-------- C:\WINDOWS\provisioning
2008-04-16 17:34:40 0 d-------- C:\WINDOWS\peernet
2008-04-16 17:33:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-16 17:31:47 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-16 17:30:32 0 d-------- C:\WINDOWS\EHome
2008-04-16 17:27:29 0 d--hs---- C:\WINDOWS\Installer
2008-04-16 17:27:27 0 d-------- C:\Documents and Settings\Kepi\Application Data\Identities
2008-04-16 17:27:19 0 dr------- C:\Documents and Settings\Kepi\Omat tiedostot
2008-04-16 17:27:18 0 d--h----- C:\Documents and Settings\Kepi\Verkkoympäristö
2008-04-16 17:27:18 0 d-------- C:\Documents and Settings\Kepi\Työpöytä
2008-04-16 17:27:18 0 d--h----- C:\Documents and Settings\Kepi\Tulostinympäristö
2008-04-16 17:27:18 0 dr------- C:\Documents and Settings\Kepi\Suosikit
2008-04-16 17:27:18 0 dr-h----- C:\Documents and Settings\Kepi\SendTo
2008-04-16 17:27:18 1835008 --ah----- C:\Documents and Settings\Kepi\NTUSER.DAT
2008-04-16 17:27:18 0 d--h----- C:\Documents and Settings\Kepi\Mallit
2008-04-16 17:27:18 0 d--h----- C:\Documents and Settings\Kepi\Local Settings
2008-04-16 17:27:18 0 dr------- C:\Documents and Settings\Kepi\Käynnistä-valikko
2008-04-16 17:27:18 0 d---s---- C:\Documents and Settings\Kepi\Cookies
2008-04-16 17:27:18 0 dr-h----- C:\Documents and Settings\Kepi\Application Data
2008-04-16 17:26:54 0 d--hs---- C:\System Volume Information
2008-04-16 17:26:53 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-16 17:26:53 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-16 17:26:53 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-16 17:26:53 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-16 17:26:53 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-16 17:26:53 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-16 17:26:53 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-16 17:26:53 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-16 17:26:53 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-16 17:26:53 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-16 17:24:19 0 d-------- C:\WINDOWS\system32\xircom
2008-04-16 17:24:19 0 d-------- C:\Program Files\microsoft frontpage
2008-04-16 17:24:17 0 -rahs---- C:\MSDOS.SYS
2008-04-16 17:24:17 0 -rahs---- C:\IO.SYS
2008-04-16 17:24:17 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-16 17:24:17 0 --a------ C:\CONFIG.SYS
2008-04-16 17:24:17 0 --a------ C:\AUTOEXEC.BAT
2008-04-16 17:23:40 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-16 17:23:32 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-16 17:23:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-16 17:23:12 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-16 17:22:36 0 d---s---- C:\WINDOWS\Tasks
2008-04-16 17:22:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-16 17:22:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-16 17:22:30 0 d-------- C:\WINDOWS\srchasst
2008-04-16 17:22:28 0 d-------- C:\Program Files\Movie Maker
2008-04-16 17:22:25 0 d-------- C:\WINDOWS\system32\Restore
2008-04-16 17:22:25 0 d-------- C:\WINDOWS\PCHealth
2008-04-16 17:22:10 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-16 17:22:07 0 d-------- C:\WINDOWS\Registration
2008-04-16 17:21:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-16 17:21:49 0 d-------- C:\Program Files\Online Services
2008-04-16 17:21:47 0 d-------- C:\Program Files\Messenger
2008-04-16 17:21:43 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-16 17:21:15 0 d-------- C:\Program Files\Windows NT
2008-04-16 17:21:12 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-16 17:21:12 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-04-16 21:01:53 283024 --a------ C:\WINDOWS\system32\perfh00B.dat
2008-04-16 21:01:53 48448 --a------ C:\WINDOWS\system32\perfc00B.dat
2008-04-16 18:17:14 62 --ahs---- C:\Documents and Settings\Kepi\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18.04.2008 14:01]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [19.04.2008 17:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HistoryKill"="C:\Program Files\HistoryKill 2007\histkill.exe" [29.03.2007 06:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-01 10:14:05 ------------

 

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Celeron(R) D CPU 3.33GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1022.42 MiB / 674.58 MiB
Pagefile Memory (total/avail): 2459.65 MiB / 2149.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.07 MiB

C: is Fixed (NTFS) - 189.91 GiB total, 174.66 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 149.05 GiB total, 138.93 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6L200P0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 189.91 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD1600BB-00RDA0 - 149.05 GiB - 1 partition
\PARTITION0 - Asennettava tiedostojärjestelmä - 149.05 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kepi\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEDDI-8F6BBWG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kepi
LOGONSERVER=\\HOMEDDI-8F6BBWG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TINO\LOCALS~1\Temp
TMP=C:\DOCUME~1\TINO\LOCALS~1\Temp
USERDOMAIN=HOMEDDI-8F6BBWG
USERNAME=TINO
USERPROFILE=C:\Documents and Settings\Kepi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TINO (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81200000003}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HistoryKill 2007 --> "C:\WINDOWS\HistoryKill\uninstall.exe" "/U:C:\Program Files\HistoryKill 2007\irunin.xml"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
QuickTime Alternative 2.5.0 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0xb -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0xb REMOVE
Suojauspäivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
VIA Ohjelmistoalustan laitehallinta --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type467 / Success
Event Submitted/Written: 05/01/2008 10:09:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type456 / Success
Event Submitted/Written: 04/30/2008 01:34:52 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type441 / Success
Event Submitted/Written: 04/29/2008 08:52:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type434 / Success
Event Submitted/Written: 04/29/2008 02:29:41 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type426 / Success
Event Submitted/Written: 04/29/2008 11:45:47 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2204 / Error
Event Submitted/Written: 05/01/2008 10:07:35 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Palvelua nVidia WDM A/V Crossbar ei voi käynnistää. Virhekoodi on
%%2

Event Record #/Type2187 / Error
Event Submitted/Written: 04/30/2008 01:34:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Palvelua nVidia WDM A/V Crossbar ei voi käynnistää. Virhekoodi on
%%2

Event Record #/Type2167 / Error
Event Submitted/Written: 04/29/2008 07:57:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Palvelua nVidia WDM A/V Crossbar ei voi käynnistää. Virhekoodi on
%%2

Event Record #/Type2147 / Error
Event Submitted/Written: 04/29/2008 02:27:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Palvelua nVidia WDM A/V Crossbar ei voi käynnistää. Virhekoodi on
%%2

Event Record #/Type2129 / Error
Event Submitted/Written: 04/29/2008 11:44:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Palvelua nVidia WDM A/V Crossbar ei voi käynnistää. Virhekoodi on
%%2



-- End of Deckard's System Scanner: finished at 2008-05-01 10:14:05 ------------

 

Poista lisää poista sovelutuksesta

AVG Anti-Spyware 7.5

=================

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

==============

Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
Linkki1
Linkki2
Linkki3

1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.

 

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 704

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 51076
Kulunut aika: 26 minute(s), 40 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

 

sitten tuo NoLop

 

NoLop ei löytänyt mitään infektioita. Ja tässä tämä HJT-loki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:57, on 1.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [HistoryKill] "C:\Program Files\HistoryKill 2007\histkill.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208413359640
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3859 bytes

 

Pistetääs tuo pois käynnistyvistä

Käynnistä > suorita kirjoita msconfig > ok
Käynnistys välilehti

Ota alla olevien edestä ruksi pois

histkill

käytä ja ok
Käynnistä kone uudelleen ja laita pikkuseen neliöön ruksi ja paina sitten vasta ok

 

Mutta tuo HistoryKill on ihan hyvä ohjelma koneen käynnistyksessä, siis mulla ei käynnistys oo niin hidas mutta kaikki muu mitä koneella tekee..

 

sitten on keskusmuistin lisäys 2gigaan

============

Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

 

Vedin tuon ohjelman läpi, enkä huomaa minkäänlaista eroa vieläkään Oisko viellä jotai?

 

Eli siis tämä kone on vieläkin yhtä hidas kuin ennen, onkos vielä jotain juttuja jotka voisi auttaa edes pikkasen?

 

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

============
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

ComboFix 08-05-01.1 - TINO 2008-05-02 9:41:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.693 [GMT 3:00]
Running from: C:\Documents and Settings\Kepi\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-02 to 2008-05-02 )))))))))))))))))
.

2008-05-01 15:04 . 2008-05-01 15:04 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-05-01 14:07 . 2008-05-01 14:07 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 14:45 . 2008-04-24 14:45 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\Malwarebytes
2008-04-24 14:45 . 2008-04-24 14:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 14:36 . 2008-04-24 14:36 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-04-20 19:34 . 2008-04-20 19:34 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\teamspeak2
2008-04-20 19:34 . 2008-04-20 19:34 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-20 10:45 . 2004-09-14 16:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-04-20 10:45 . 2004-09-14 16:12 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-04-20 10:45 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-20 10:45 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-04-20 10:45 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-20 10:45 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-20 10:45 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-20 10:45 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-20 00:44 . 2008-04-20 00:45 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-04-19 17:15 . 2008-04-19 17:15 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-04-19 17:15 . 2008-04-19 17:15 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-19 17:15 . 2008-04-19 17:15 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-19 09:53 . 2008-04-19 09:53 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-04-18 14:02 . 2008-05-01 14:27 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\AVG7
2008-04-18 14:02 . 2008-04-18 14:02 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 14:01 . 2008-04-18 14:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 11:14 . 2008-04-18 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-18 10:57 . 2008-04-18 10:57 <KANSIO> d-------- C:\Program Files\QuickTime Alternative
2008-04-18 10:57 . 2008-04-18 10:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-18 10:57 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-04-18 10:57 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-04-18 10:57 . 2008-04-18 10:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 10:57 . 2008-04-18 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 23:26 . 2008-04-17 23:26 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\Ubisoft
2008-04-17 23:26 . 2008-04-17 23:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-17 23:23 . 2008-04-17 23:25 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-17 18:08 . 2008-04-17 18:08 <KANSIO> d-------- C:\Program Files\Defraggler
2008-04-17 17:35 . 2008-04-17 17:35 <KANSIO> d-------- C:\Program Files\GRETECH
2008-04-17 17:35 . 2008-04-17 17:35 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\GRETECH
2008-04-17 17:35 . 2008-04-17 17:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-04-17 15:46 . 2008-04-17 15:46 <KANSIO> d--h----- C:\WINDOWS\Icons
2008-04-17 15:43 . 2008-04-17 15:43 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\TuneUp Software
2008-04-17 15:43 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-17 15:25 . 2008-04-17 15:25 <KANSIO> d-------- C:\Program Files\Common Files\Stardock
2008-04-17 14:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-17 14:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-17 12:45 . 2008-04-17 12:45 <KANSIO> d-------- C:\Program Files\uTorrent
2008-04-17 12:45 . 2008-04-28 15:44 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\uTorrent
2008-04-17 12:34 . 2008-04-17 12:34 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-17 10:55 . 2008-04-17 12:21 <KANSIO> d-------- C:\Program Files\DC++
2008-04-17 09:28 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-17 09:15 . 2008-04-27 18:55 <KANSIO> d-------- C:\Documents and Settings\Kepi\SmitfraudFix
2008-04-17 09:15 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-17 09:15 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-17 09:15 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-17 09:15 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-17 09:15 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-17 09:03 . 2008-04-17 09:03 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-04-16 23:44 . 2008-04-18 13:39 <KANSIO> d-------- C:\Program Files\GameSpy Arcade
2008-04-16 23:39 . 2008-04-16 23:39 <KANSIO> d-------- C:\Program Files\Microsoft Games
2008-04-16 21:19 . 2008-04-16 21:19 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-16 21:14 . 2008-04-19 11:27 <KANSIO> d-------- C:\Program Files\World of Warcraft
2008-04-16 19:47 . 2008-04-27 18:55 <KANSIO> d-------- C:\Documents and Settings\Kepi\DoctorWeb
2008-04-16 19:37 . 2008-04-16 20:57 <KANSIO> d-------- C:\Documents and Settings\Kepi\Contacts
2008-04-16 19:33 . 2008-04-16 20:57 10 --a------ C:\WINDOWS\WININIT.INI
2008-04-16 19:32 . 2008-04-16 19:32 <KANSIO> d-------- C:\WINDOWS\HistoryKill
2008-04-16 19:32 . 2008-04-16 19:32 <KANSIO> d-------- C:\Program Files\HistoryKill 2007
2008-04-16 19:32 . 2008-04-16 19:36 204 --a------ C:\WINDOWS\RtlRack.ini
2008-04-16 19:26 . 2008-04-16 19:26 268 --ah----- C:\sqmdata02.sqm
2008-04-16 19:26 . 2008-04-16 19:26 244 --ah----- C:\sqmnoopt02.sqm
2008-04-16 19:22 . 2008-04-16 19:22 268 --ah----- C:\sqmdata01.sqm
2008-04-16 19:22 . 2008-04-16 19:22 244 --ah----- C:\sqmnoopt01.sqm
2008-04-16 19:20 . 2008-04-16 19:20 268 --ah----- C:\sqmdata00.sqm
2008-04-16 19:20 . 2008-04-16 19:20 244 --ah----- C:\sqmnoopt00.sqm
2008-04-16 19:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-16 19:18 . 2008-04-16 19:19 <KANSIO> d-------- C:\Program Files\Java
2008-04-16 19:18 . 2008-04-16 19:18 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-04-16 19:16 . 2008-04-16 19:16 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-04-16 19:16 . 2006-10-04 17:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-16 19:16 . 2006-10-04 17:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-16 19:16 . 2006-10-04 17:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-16 19:15 . 2008-04-16 19:15 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-04-16 19:15 . 2008-04-16 19:15 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-16 19:09 . 2008-04-16 19:09 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-16 19:07 . 2008-04-16 19:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-16 19:05 . 2008-04-16 19:09 <KANSIO> d-------- C:\Program Files\Windows Live
2008-04-16 19:05 . 2008-04-16 19:08 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-16 19:05 . 2008-04-16 19:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-16 18:45 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-16 18:45 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-16 18:19 . 2008-04-19 17:15 <KANSIO> d-------- C:\Program Files\COMODO
2008-04-16 18:19 . 2008-04-16 18:19 <KANSIO> d-------- C:\Documents and Settings\Kepi\Application Data\Comodo
2008-04-16 18:19 . 2008-04-19 17:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-16 18:19 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-04-16 18:18 . 2008-03-20 11:09 1,845,504 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-04-16 18:18 . 2007-03-08 18:38 578,048 -----c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-04-16 18:18 . 2008-02-20 09:51 282,624 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2008-04-16 18:18 . 2004-09-14 16:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-16 18:18 . 2004-09-14 16:06 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-16 18:18 . 2007-03-08 18:37 40,960 -----c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-04-16 18:18 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d--h----- C:\Documents and Settings\Default User\Verkkoympäristö
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d-------- C:\Documents and Settings\Default User\Työpöytä
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d--h----- C:\Documents and Settings\Default User\Tulostinympäristö
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d-------- C:\Documents and Settings\Default User\Suosikit
2008-04-16 18:17 . 2008-04-16 17:21 <KANSIO> d--h----- C:\Documents and Settings\Default User\Mallit
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-04-16 18:17 . 2008-05-01 15:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Työpöytä
2008-04-16 18:17 . 2008-04-16 19:17 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
2008-04-16 18:17 . 2008-04-16 18:17 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
2008-04-16 18:17 . 2008-04-16 17:44 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-04-16 18:17 . 2008-04-18 14:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-16 18:16 . 2008-04-16 17:24 <KANSIO> d--h----- C:\Documents and Settings\Default User
2008-04-16 18:16 . 2008-04-16 17:23 <KANSIO> d-------- C:\Documents and Settings\All Users
2008-04-16 18:16 . 2008-04-16 17:27 <KANSIO> d-------- C:\Documents and Settings
2008-04-16 18:16 . 2007-07-09 16:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-16 18:16 . 2006-11-27 17:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
2008-04-16 18:16 . 2006-11-27 17:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
2008-04-16 18:14 . 2007-10-25 19:56 8,458,752 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-04-16 18:14 . 2006-12-20 00:50 134,656 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-04-16 18:09 . 2008-04-16 19:00 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-04-16 18:04 . 2008-04-16 18:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-16 18:02 . 2008-04-16 18:02 <KANSIO> d-------- C:\WINDOWS\nview
2008-04-16 18:02 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-16 18:02 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-16 18:02 . 2008-04-16 18:02 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-16 18:02 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 21:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 17:02 --------- d-----w C:\Program Files\CCleaner
2008-04-16 15:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-16 15:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-16 14:50 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-04-16 14:50 --------- d-----w C:\Program Files\Realtek AC97
2008-04-16 14:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-16 14:50 --------- d-----w C:\Program Files\AvRack
2008-04-16 14:46 --------- d-----w C:\Program Files\VIA
2008-04-16 14:45 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-04-16 14:45 52,736 ----a-w C:\WINDOWS\system32\drivers\ViPrt.sys
2008-04-16 14:45 331,184 ------w C:\WINDOWS\system32\difxapi.dll
2008-04-16 14:45 18,432 ----a-w C:\WINDOWS\system32\vIdeInst.dll
2008-04-16 14:45 16,896 ----a-w C:\WINDOWS\system32\drivers\ViBus.sys
2008-04-16 14:24 558,142 ----a-w C:\WINDOWS\java\Packages\JHJ5FVVH.ZIP
2008-04-16 14:24 155,995 ----a-w C:\WINDOWS\java\Packages\CK0PZTB1.ZIP
2008-04-16 14:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 13:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 13:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 13:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 12:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 12:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-05 20:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HistoryKill"="C:\Program Files\HistoryKill 2007\histkill.exe" [2007-03-29 06:01 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 14:01 579584]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-19 17:15 1572608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-18 14:01 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-16 17:45]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-04-16 17:45]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-16 17:45]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-19 17:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-19 17:15]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-14 16:12]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-25 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 09:42:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-05-02 9:43:19
ComboFix-quarantined-files.txt 2008-05-02 06:43:14

Pre-Run: 187,510,763,520 tavua vapaana
Post-Run: 187,510,648,832 tavua vapaana

237

 

SDFix: Version 1.177
Run by TINO on pe 02.05.2008 at 09:53

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Kepi\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 09:57:13
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\DOCUME~1\Kepi\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 16 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

 

ok...

uudelleen järjästäminen
levyn eheytys
noilla vintoosan omat työkalut

 

Okei... mitäs sitten? Vieläkään ei nopeutunut yhtään..

 

Lataa Dr.Web CureIt työpöydälle:

Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
Kun scan on valmis, Klikkaa Custom scan merkkaa asemat, jotka haluat scannata.
Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
Klikaa vihreää nuolta oikealla ja scan alkaa.
Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
Sulje Dr.Web Cureit.
Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

 

Tässä tämä DrWebin loki:

A0000160.bat;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP3;Probably BATCH.Virus;Incurable.Moved.;
A0000166.bat;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP3;Probably SCRIPT.Virus;Incurable.Moved.;
A0001493.exe;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP4;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0002168.bat;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP5;Probably BATCH.Virus;Incurable.Moved.;
A0002174.bat;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP5;Probably SCRIPT.Virus;Incurable.Moved.;
A0003566.exe;C:\System Volume Information\_restore{E1AC90D9-6E1B-41A4-9837-34EACE08F27D}\RP5;Tool.Prockill;Incurable.Moved.;

Hei minkätakia tuolta C:system volumesta löytyy aina viruksia kun tarkistaa tolla ohjelmalla koneen?