The net hardly downloads at more than 10 kB/s, and it's a 24-megabit Sonera broadband connection.. the spyware programs don't seem to find anything and neither do the antivirus programs, but could there be something in this?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52:46, on 21.4.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\System32\V0230Mon.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\TrojanHunter 4.6\THGuard.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Uniblues\SpyEraser\SpyEraser.exe C:\hostmanager\hm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Filseclab\FilMsg.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Uniblues\RegistryBooster 2\RegistryBooster.exe C:\Windows\system32\wuauclt.exe C:\Users\Niles\Desktop\cureit(2).exe C:\Users\Niles\AppData\Local\Temp\RarSFX1\_start.exe C:\Users\Niles\AppData\Local\Temp\RarSFX1\setup.exe C:\hostmanager\hm.exe C:\Program Files\Filseclab\Twister\twister.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\System32\V0230Mon.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe" O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblues\registrybooster 2\StartRegistryBooster.exe O4 - HKCU\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe O4 - HKCU\..\Run: [Systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblues\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [HostsMan] C:\hostmanager\hm.exe -s O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-18\..\Run: 
[Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: OneNoten sisällysluettelo.onetoc2 O4 - Startup: Registration Assassin's Creed.LNK = L:\assassins creed\Register\RegistrationReminder.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: Filseclab Messenger.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && 
Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{B7B408BB-64EE-4A6F-9783-E819179C8796}: NameServer = 192.89.123.231,193.210.19.190 O18 - Protocol: tbr - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2007\SecureSrv.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 14038 bytes
Scan with HJT, tick these entries and press Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Protocol: tbr - (no CLSID) - (no file)
=============
Remove via Add/Remove Programs:
&Crawler Toolbar
Best_Security_Tips
Delete these folders in safe mode:
C:\PROGRA~1\Crawler
C:\Program Files\Best_Security_Tips
============
1. Download combofix.exe to your desktop from one of the links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
I couldn't get Crawler and Best Security Tips removed in safe mode; it just froze when I right-clicked on them, but here is the other log.
ComboFix 08-04-20.5 - Niles 2008-04-22 0:39:28.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1259 [GMT 3:00] Running from: C:\Users\Niles\Desktop\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\internet explorer\msimg32.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-21 to 2008-04-21 ))))))))))))))))) . Tiedostoja ei ole luotu tällä aikavälillä . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-21 20:26 --------- d-----w C:\Program Files\Crawler 2008-04-21 20:20 --------- d-----w C:\Program Files\Conduit 2008-04-21 20:20 --------- d-----w C:\Program Files\Best_Security_Tips 2008-04-21 20:19 2,560 ----a-w C:\Windows\_MSRSTRT.EXE 2008-04-21 19:54 --------- d-----w C:\Program Files\EMCO Malware Destroyer 2008-04-21 18:25 --------- d-----w C:\Program Files\PFConfig 2008-04-21 16:13 --------- d-----w C:\ProgramData\PrevxCSI 2008-04-21 16:12 10,880 ------w C:\Windows\system32\drivers\pxark.sys 2008-04-21 15:51 --------- d-----w C:\Program Files\Trend Micro 2008-04-21 15:04 --------- d-----w C:\ProgramData\WLInstaller 2008-04-21 14:48 --------- d-----w C:\Program Files\BitComet 2008-04-21 14:41 --------- d-----w C:\Program Files\The Cleaner Free 2008-04-21 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-21 13:19 --------- d-----w C:\Program Files\Kazaa 2008-04-21 13:07 --------- d---a-w C:\ProgramData\TEMP 2008-04-21 11:20 --------- d-----w C:\Program Files\EPSON 2008-04-21 11:08 --------- d-----w C:\Users\Niles\AppData\Roaming\Shareaza 2008-04-21 11:08 --------- d-----w C:\Program Files\Shareaza 2008-04-21 09:16 --------- d-----w C:\Program
Files\Common Files\Filseclab 2008-04-21 08:00 --------- d-----w C:\Users\Niles\AppData\Roaming\Spyware Terminator 2008-04-21 05:20 --------- d-----w C:\Users\Niles\AppData\Roaming\AVG7 2008-04-21 00:38 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-21 00:11 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5 2008-04-21 00:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-20 23:53 --------- d-----w C:\Program Files\DC++ 2008-04-20 23:33 --------- d-----w C:\Users\Niles\AppData\Roaming\Azureus 2008-04-20 22:36 --------- d-----w C:\Program Files\SpywareBlaster 2008-04-20 19:52 --------- d-----w C:\Program Files\Spyware Terminator 2008-04-18 10:01 --------- d-----w C:\Program Files\Filseclab 2008-04-18 09:24 --------- d-----w C:\ProgramData\Spyware Terminator 2008-04-18 06:35 --------- d-----w C:\ProgramData\avg7 2008-04-18 06:24 --------- d-----w C:\Program Files\PeerGuardian2 2008-04-17 22:24 --------- d-----w C:\Program Files\PrevxCSI 2008-04-17 21:37 --------- d-----w C:\Users\Niles\AppData\Roaming\abelhadigital.com 2008-04-17 21:32 --------- d-----w C:\ProgramData\abelhadigital.com 2008-04-17 20:12 --------- d-----w C:\Program Files\a-squared Free 2008-04-17 18:51 --------- d-----w C:\Program Files\Trojan Remover 2008-04-17 16:38 --------- d-----w C:\Program Files\Advanced System Optimizer 2008-04-17 12:03 --------- d-----w C:\Program Files\Uniblues 2008-04-17 12:02 --------- d-----w C:\Program Files\Uniblue 2008-04-17 09:23 --------- d-----w C:\Program Files\Cheetah Burner 2008-04-16 23:51 --------- d-----w C:\Program Files\Nero 2008-04-16 23:51 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-16 19:37 --------- d-----w C:\Program Files\Common Files\NewTech Infosystems 2008-04-16 19:20 6,144 ------w C:\Windows\system32\drivers\NTIDrvr.sys 2008-04-16 16:35 --------- d-----w C:\Users\Niles\AppData\Roaming\InstallShield 2008-04-16 00:20 --------- d-----w C:\Program Files\Azureus 2008-04-15 22:56 
--------- d-----w C:\Program Files\gossiper 2008-04-15 22:10 --------- d-----w C:\Users\Niles\AppData\Roaming\FileVOoM 2008-04-15 12:53 --------- d-----w C:\Program Files\Azureus Ultra Accelerator 2008-04-15 12:52 --------- d-----w C:\Users\Niles\AppData\Roaming\BSplayer Pro 2008-04-15 12:52 --------- d-----w C:\Program Files\Webteh 2008-04-15 09:51 --------- d-----w C:\Program Files\Bluetack 2008-04-14 17:38 --------- d-----w C:\Users\Niles\AppData\Roaming\uTorrent 2008-04-14 17:15 --------- d-----w C:\ProgramData\Ubisoft 2008-04-14 17:14 66,872 ------w C:\Windows\System32\PnkBstrA.exe 2008-04-14 17:14 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys 2008-04-14 17:14 22,328 ------w C:\Users\Niles\AppData\Roaming\PnkBstrK.sys 2008-04-14 17:14 2,337,865 ------w C:\Windows\System32\pbsvc.exe 2008-04-14 17:14 107,832 ------w C:\Windows\System32\PnkBstrB.exe 2008-04-14 16:53 4 ------w C:\WindowsRegDefrag.dat 2008-04-14 16:36 --------- d-----w C:\Program Files\eMule 2008-04-14 11:31 --------- d-----w C:\ProgramData\eMule 2008-04-14 11:30 --------- d-----w C:\Users\Niles\AppData\Roaming\eMule 2008-04-13 18:31 --------- d-----w C:\Program Files\RegCure 2008-04-13 18:26 --------- d-----w C:\Users\Niles\AppData\Roaming\TrojanHunter 2008-04-13 17:51 --------- d-----w C:\Program Files\TrojanHunter 4.6 2008-04-13 17:45 --------- d-----w C:\Program Files\Common Files\Totem Shared 2008-04-13 17:32 --------- d-----w C:\Program Files\PC Doc Pro 2008-04-13 14:01 --------- d-----w C:\Users\Niles\AppData\Roaming\Uniblue 2008-04-13 11:11 --------- d-----w C:\ProgramData\Active Shield 2008-04-13 11:11 --------- d-----w C:\Program Files\uTorrent 2008-04-13 11:11 --------- d-----w C:\Program Files\PerformanceTest 2008-04-13 11:11 --------- d-----w C:\Program Files\GameSpy Arcade 2008-04-13 10:58 --------- d-----w C:\Users\Niles\AppData\Roaming\Systweak 2008-04-13 10:21 --------- d-----w C:\ProgramData\Uniblue 2008-04-12 22:32 --------- d-----w C:\Program Files\Hide My IP 2007 
2008-04-12 14:54 --------- d-----w C:\Users\Niles\AppData\Roaming\Thinking Minds Budiling Bytes 2008-04-11 12:01 --------- d-----w C:\Program Files\Norton Security Scan 2008-04-11 07:52 --------- d-----w C:\Program Files\IObit 2008-04-11 06:32 3,292 ------w C:\Windows\System32\tmp.reg 2008-04-10 23:41 --------- d-----w C:\Users\Niles\AppData\Roaming\Simply Super Software 2008-04-10 23:41 --------- d-----w C:\ProgramData\Simply Super Software 2008-04-10 23:16 --------- d-----w C:\Program Files\CCleaner 2008-04-10 19:43 --------- d-----w C:\Users\Niles\AppData\Roaming\SUPERAntiSpyware.com 2008-04-10 19:43 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-10 19:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-10 18:48 --------- d-----w C:\ProgramData\eSellerate 2008-04-10 18:00 86,528 ------w C:\Windows\System32\VACFix.exe 2008-04-10 15:51 --------- d-----w C:\Program Files\Ashampoo 2008-04-09 22:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-09 17:47 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-08 19:44 82,432 ------w C:\Windows\System32\IEDFix.exe 2008-04-08 06:54 --------- d-----w C:\Program Files\Panda Security 2008-04-05 16:27 413,696 ------w C:\Windows\System32\wrap_oal.dll 2008-04-05 16:27 110,592 ------w C:\Windows\System32\OpenAL32.dll 2008-04-05 16:25 --------- d--h--r C:\Users\Niles\AppData\Roaming\SecuROM 2008-04-04 15:17 --------- d-----w C:\Users\Niles\AppData\Roaming\ATI 2008-04-04 15:17 --------- d-----w C:\ProgramData\ATI 2008-04-04 15:15 --------- d-----w C:\Program Files\Common Files\ATI Technologies . 
------w 131,097,968 2008-04-16 22:28:07 C:\Users\Niles\Documents\Azureus Downloads\Nero 7 + keygen by Cweb\Nero-7.2.3.2b-ENG .exe
------- Sigcheck ------- 2007-03-25 09:25 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\System32\drivers\tcpip.sys 2007-09-02 13:47 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys 2007-03-25 09:25 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys 2008-02-19 04:13 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-19 04:12 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] "Uniblue RegistryBooster 2"="c:\program files\uniblues\registrybooster 2\StartRegistryBooster.exe" [2007-08-16 09:02 99608] "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:55 919280] "Systweak Wallpaper Changer"="C:\Program Files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 11:55 151280] "Uniblue SpyEraser"="C:\Program Files\Uniblues\SpyEraser\SpyEraser.exe" [2007-08-16 09:03 1269000] "HostsMan"="C:\hostmanager\hm.exe" [2007-12-26 11:04 2580992] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-09 03:11 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 12:07 4390912 C:\Windows\RtHDVCpl.exe] "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 20:20 622592] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "AVFX Engine"="C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe" [2006-06-09 02:11 24576] "V0230Mon.exe"="C:\Windows\System32\V0230Mon.exe" [2006-07-19 20:00 36961] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:44 579584] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-26 03:00 2957824] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040] "THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2007-05-11 20:01 1102848] "TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-26 00:33 219136] C:\Users\Niles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNoten sis„llysluettelo.onetoc2 [2008-03-26 04:54:58 3656] Registration Assassin's Creed.LNK - L:\assassins creed\Register\RegistrationReminder.exe [2008-04-16 19:44:06 967304] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-25 09:47:13 528384] Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe [2008-04-09 16:05:18 319488] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2008-03-26 00:33 9216 C:\Windows\System32\avgwlntf.dll [HKLM\~\startupfolder\C:^Users^Niles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Catz2.LNK] backup=C:\Windows\pss\Registration Catz2.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --------- 2007-04-26 20:10 740208 C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Spy Killer] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4277375301-1569973774-1729028494-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3C120E4F-CD94-4D27-A532-BEB04895B655}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite "{09F4A0DF-FE1D-45D9-81BD-DD8B0DCB5AFE}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite "{4F1444F6-F4DF-498C-BA59-F78CA646637F}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess "{FB3F8941-3F30-4F34-AAF5-2F1C206385B9}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess 
"{6C68D9DD-E5F6-4402-9121-AE668FF2D614}"= C:\Program Files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess "{3DBBB1CC-5409-41DD-A810-2112314C0F4F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{096B8F0C-F5FF-47AB-B95F-E070D12B7C6F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6362D413-7EF7-41BF-8671-52ECD8DA469F}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{575CA018-839B-4FD2-8408-CD4EA340F67B}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{8A4E3FB2-ABD1-44C9-8B99-F1976A9EDD60}"= UDP:19376:BitComet 19376 TCP "{7156B722-2552-44F6-A503-6BE2C0F0240F}"= TCP:19376:BitComet 19376 UDP "{A0737AC2-1DE5-493E-AE1D-CCFD255E7DA6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{2ECFF249-BCD7-4E1A-8476-747FE98DFB90}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{31DBD8E2-D420-4CDC-A671-20270E4D7755}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{35FE68B5-EEAA-427B-878C-BB59A9AED698}"= UDP:\zoo tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{FC500490-B772-48D5-A039-26FF30392CB9}"= TCP:\zoo tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{6F5C2895-43C4-4355-8D35-E2454E2247A9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{40DAE3BD-668B-4B22-BEA8-8EC9CDFB6856}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{91C721C6-DDF1-4BD1-8227-D11C83A1E8DA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{523CF92B-C94D-4876-AAB9-6589ADC4EB97}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{3F95FD80-646B-4BC5-A808-A273FB7461F9}"= UDP:C:\Program Files\Midway Games\Hour of Victory\Binaries\LTCG-HOVGame.exe:Hour of Victory "{D40AA227-9454-4314-B0EB-D05B063330FD}"= TCP:C:\Program Files\Midway Games\Hour of Victory\Binaries\LTCG-HOVGame.exe:Hour of Victory "{7A41B86F-6411-4487-BB6E-D95FD47AE19B}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA 
"{881CCA61-93AE-4D74-B22F-359DA74EE9B5}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{55CC44D0-90DD-4CA3-AF58-3B0D594454D8}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{B93A9090-F28F-4547-AE3C-63C64E7DDA04}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{0CC40665-629E-4D62-8333-9333E789B876}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{45009473-5292-4FA3-8370-8DB9C8DEF487}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{B1E5377E-F29C-4B42-8C54-AF5D511B2864}"= UDP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game "{71F44A8A-D106-4DB6-9823-9A3FFDA9857D}"= TCP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game "{3E146978-67B5-46E3-B2E8-D756D779618A}"= UDP:\Turning point fall of liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty "{BBB7CF7F-B7C1-4DE2-AF55-8BBA4A3E6A37}"= TCP:\Turning point fall of liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty "{8C9F2655-D842-464C-90D6-1114A9A8365C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{899DEDBA-2B7B-4463-A6BE-D7AD97FA72DE}"= UDP:L:\S.T.A.L.K.E.R shadow of chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{FA4681B2-F0F5-4EFC-A036-C12CB773F873}"= TCP:L:\S.T.A.L.K.E.R shadow of chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{23CBEE5D-549B-49CA-8845-E6B69FFE8715}"= UDP:L:\S.T.A.L.K.E.R shadow of chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{9B42EDCA-380F-4304-8426-82C64928B527}"= TCP:L:\S.T.A.L.K.E.R shadow of chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) "TCP Query User{9C889BB7-8594-4BBC-98CC-116509183ED5}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe: "UDP Query User{CA1428D3-B113-4711-A864-2C052743D8A7}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe: "{2B19BA19-C27E-4934-88D6-05C25AFB39FE}"= UDP:\kanelynch\kaneandlynch.exe:Kane & Lynch: Dead Men "{617A544D-0EA3-48AB-9DC0-8D8DF1B5F302}"= TCP:\kanelynch\kaneandlynch.exe:Kane & Lynch: Dead Men "TCP Query User{750FEC40-A675-4DE6-A7BF-3E49E1CC6683}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "UDP Query User{6047838D-14A5-4355-8F40-F872812BD077}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "{93C43951-1FF5-458E-8264-8E3D5D08BD86}"= UDP:10284:bitcomet "{3261F2CE-635D-461C-B589-9497E3B1BBED}"= TCP:10284:bitcomet 2 "TCP Query User{D33F35EF-001A-49C2-8753-4D8B1A827A57}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{F1031A72-DF8E-4F4E-902B-E195B1DE3474}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "{A9F1F9A7-551E-4078-AB9E-54B927BFC382}"= UDP:6881:a1 "{2BA7D965-1C68-4513-A045-571C61B583BD}"= TCP:6881:a2 "{BC2B7072-2E96-482E-9760-ACAA8A7C46A7}"= UDP:10284:bitcomet "{4091CEA8-62BB-49C5-98F2-109E9B3EEE0B}"= TCP:10284:bitcomet 2 "{7205A933-A5DD-422D-9839-1B345F87154F}"= UDP:6881:az "{19A8292F-E51C-48C6-8731-F48BA334CA1C}"= TCP:6881:azu "TCP Query User{C1A9AA73-418A-43EE-A228-E22AA610681C}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{896CCE5D-C5F3-4941-8498-D4B249245EE1}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "{01E07BA2-74C3-464A-B7F7-DADBC400180C}"= UDP:50100:ass "{37DC447F-A1D5-416E-B9E4-9302C78EE65B}"= TCP:50100:asu "TCP 
Query User{7FCCD6C4-DCC8-472D-9463-18C7AA1272DC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{B7509E88-C56A-4F11-8A7D-499A8BD37BB3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{63C7D927-C4A1-4DB8-B02C-44A066C02ACB}"= UDP:12000:uto "{8ADEDE27-F0FF-44F2-B9DF-F3464EE74B46}"= TCP:12000:uto1 "TCP Query User{211EEA98-5CFB-4043-9D61-437859D47323}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{90A1B6B7-D623-4771-9F94-6B790FA700DA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{A8CBAC7B-06D1-45C8-BC7A-1F42E2D9FC6C}"= UDP:L:\rainbow six vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{8C81F49C-C9CE-44D3-839C-4E1487744B47}"= TCP:L:\rainbow six vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{E5747BF7-E73F-4870-B188-888B00F517B5}"= UDP:L:\rainbow six vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{332FE1E3-A641-4528-BC38-5E8C834FBBFA}"= TCP:L:\rainbow six vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{802E716D-2B19-41C3-966E-A703F5AF9D5D}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "UDP Query User{FB8926EC-F492-421C-BB3A-F0E2AE7B67A0}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "TCP Query User{7C436A8B-1766-445A-84DB-3C4D2C6D4232}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++ "UDP Query User{BDF70BF1-BF58-44DC-A7F4-E7685C3983FF}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++ "{BC8DD5F0-37E6-42E0-AB24-87F2207C00A0}"= UDP:412:dc "{240E2A48-53CC-41AF-88E3-B54B458704C4}"= TCP:412:dc+ "{44FA65F7-0345-4779-ADB1-B7BC028CD17F}"= UDP:C:\Program 
Files\Kazaa\Kazaa.exe:Kazaa "{EC44ADC1-E7E1-42D2-80D6-32C074DFBD5A}"= TCP:C:\Program Files\Kazaa\Kazaa.exe:Kazaa "TCP Query User{DDD0A489-8108-47AB-9B3F-1D92FB51AEAE}C:\\program files\\kazaa\\ieembed.exe"= UDP:C:\program files\kazaa\ieembed.exe:JDesktop Integration Components binary "UDP Query User{349C6F14-153D-4211-825A-C9D38F8F5E61}C:\\program files\\kazaa\\ieembed.exe"= TCP:C:\program files\kazaa\ieembed.exe:JDesktop Integration Components binary "{F72EEEB6-A176-462F-B34A-90D2DC6F2221}"= UDP:L:\assassins creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{D6E70010-4AAC-4D68-98CF-AB00A207053D}"= TCP:L:\assassins creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{521D386F-5E76-400E-AD0A-89A5E6BBD306}"= UDP:L:\assassins creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{72861E1E-046D-4F5E-A349-57614C9F34FC}"= TCP:L:\assassins creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{81A952B4-B15B-49E0-83F8-E2C575FB8F75}"= UDP:L:\assassins creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{0DAE2BCF-A601-45A5-9D86-87B8061CAC4F}"= TCP:L:\assassins creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04] R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04] R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04] R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-04-21 19:12] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2008-02-19 21:48] R1 filar;Filseclab Dynamic Defense System Driver;C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys [2007-12-18 17:56] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 20:08] R1 FSFW;F-Secure Firewall 
Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-17 13:43] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys [2007-04-26 20:07] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-26 03:00] R2 acedrv10;acedrv10;C:\Windows\system32\drivers\acedrv10.sys [2007-07-24 10:45] R2 acehlp10;acehlp10;C:\Windows\system32\drivers\acehlp10.sys [2007-07-11 11:20] R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service [] R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04] R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 06:55] R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-28 10:03] R3 Ph3xIB32;Philips 713x VU PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43] R3 SecureSrv;SecureSrv;C:\Program Files\Hide My IP 2007\SecureSrv.exe [2008-03-13 15:36] R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51] R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-23 20:00] R3 V0230VID;Live! 
Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2006-07-24 20:00] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 04:52] S3 filpp;Filseclab Process Protection Driver;C:\PROGRA~1\COMMON~1\FILSEC~1\filpp.sys [2007-12-19 21:47] S3 IMMDRV;Filseclab Twister Kernel Module;C:\PROGRA~1\FILSEC~1\Twister\immdrv.sys [2007-11-26 20:24] S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51] *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-04-11 12:01:34 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-04-21 21:20:58 C:\Windows\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2008-04-17 00:04:58 C:\Windows\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2008-03-31 12:51:35 C:\Windows\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt "2008-04-21 21:07:00 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-04-13 14:30:02 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-04-10 15:39:35 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-04-13 11:32:36 C:\Windows\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-04-17 22:43:28 C:\Windows\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblues\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-22 00:41:27 Windows 6.0.6000 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-22 0:42:43 ComboFix-quarantined-files.txt 2008-04-21 21:42:31 Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa. Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa. 346 --- E O F --- 2008-04-09 17:47:40
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
Here it is

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 669
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|L:\|)
Tarkistetut kohteet: 252285
Kulunut aika: 1 hour(s), 22 minute(s), 31 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste the list from Notepad into your post
Here's that list....
2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Acer eDataSecurity Management Acer Empowering Technology Acer ePerformance Management Acer Picture Slide DVD Acer Plug and Record Acer ScreenSaver Acer Tour Acer Zone Main Page Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 7.0 - Suomi Adobe Shockwave Player Advanced System Optimizer Advanced Video FX Engine Advanced WindowsCare Personal AGEIA PhysX v7.11.13 Apple Mobile Device Support -tuki Apple Software Update Ashampoo WinOptimizer 5.00 a-squared Free 3.5 Assassin's Creed ATI AVIVO Codecs Audiosurf AVG 7.5 Azureus Vuze Bee Movie(TM) Game BitLord v2.0 BLM 2.7.7 Bonjour Brother MFL-Pro Suite BS.Player FREE powered by AdVantage Call of Duty(R) 4 - Modern Warfare(TM) Canon Utilities ZoomBrowser EX Cars Catz2 (remove only) CCleaner (remove only) Cheetah DVD Burner Chicken Little Ace in Action Cinderella's Dollhouse Cobra 11 - Crash Time (remove only) Condemned - Criminal Origins Creative Live! Cam Center Creative Live! Cam Manager Creative Live!
Cam Video IM Pro User's Guide (English) Creative Photo Calendar Creative Photo Manager Creative System Information DC++ 0.705 Deer Hunter - The 2005 Season Disney-Pixar Ratatouille DVD Decrypter (Remove Only) EA SPORTS online 2007 EA SPORTS™ NBA LIVE 08 EPSON Scan eSobi v2 Evil Dead Regeneration FEARCombat Field & Stream® Trophy Bass 4 FIFA 07 FlatOut2 Frontlines: Fuel of War GameShadow GameSpy Arcade Google Toolbar for Internet Explorer Groove Games\Land Of The Dead Happyland Adventures - Xmas Edition v1.3 Hauppauge MCE XP/Vista Software Encoder (2.0.24321) Hide My IP 2007 HijackThis 2.0.2 Hospital Tycoon Hour of Victory Hunting Unlimited 2008 1.0 ILLUSION BattleRaper2 Indeo® software iTunes Jasc Paint Shop Pro 8 Java 2 Runtime Environment, SE v1.4.2_15 Java 2 SDK, SE v1.4.2_15 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Joost (tm) 0.12.0 Kane and Lynch: Dead Men Knights of the Temple 2 Lexmark 3100 Series LiveUpdate 3.2 (Symantec Corporation) Lula 3D Malwarebytes' Anti-Malware Microsoft Games for Windows - LIVE Redistributable Microsoft Office Excel MUI (Finnish) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Finnish) 2007 Microsoft Office PowerPoint MUI (Finnish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (Finnish) 2007 Microsoft Office Shared MUI (Finnish) 2007 Microsoft Office Word MUI (Finnish) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (2.0.0.14) Mozilla Firefox (3.0b5) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) muvee autoProducer 4.1 My Horse and Me My Horse and Me Mz Vista Force Need for Speed™ ProStreet Nero 7 Ultra Edition NHL Eastside Hockey Manager NHL® 08 NHL07 Norton Security Scan OpenAL Painkiller PC Doc Pro 3.5 PeerGuardian 2.0 
PerformanceTest v6.1 PFConfig 1.0.192 Pirates of the Caribbean - At Worlds End Prince of Persia T2T ProtectDisc Helper Driver 10 PunkBuster Services QuickTime Realtek High Definition Audio Driver RegCure 1.5.0.0 Resident Evil 4 1.10 Rock Manager Rock Tour RTL Winter Sports 2008 S.T.A.L.K.E.R. - Shadow of Chernobyl Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB946974) Security Update for Office 2007 (KB947801) Security Update for Visio 2007 (KB947590) SightSpeed (remove only) Skispringen 2007 Soldier of Fortune Payback Spybot - Search & Destroy Spyware Terminator SpywareBlaster 4.0 SUPERAntiSpyware Free Edition T.sonic Utility The Cleaner 5 The History Channel: Civil War TimeShift Tom Clancy's Rainbow Six Vegas 2 Tony Hawk's American Wasteland (TM) Tony Hawk's American Wasteland 1.01 Patch Total Overdose Trend Micro RUBotted Trojan Remover 6.6.9 TrojanHunter 4.6 Trophy Bass 2007 Turning Point - Fall of Liberty Turning Point - Fall of Liberty Twister Anti-TrojanVirus Uniblue PowerSuite Uniblue SpyEraser Update for Office 2007 (KB946691) Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Live OneCare safety scanner Windows Live Toolbar Windows Live Writer Windows Liven kirjautumisavustaja Windows Liven sähköposti Windows Liven valokuvavalikoima Windows Media Player Firefox Plugin WinRAR archiver Yahoo! Toolbar Zoo Tycoon 2
Remove via Add/Remove Programs:
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 3
LiveUpdate 3.2 (Symantec Corporation)
Yahoo! Toolbar

In safe mode, delete the folder C:\Program Files\Yahoo!
=======
Scan a new HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:06:46, on 22.4.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Windows\System32\V0230Mon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\TrojanHunter 4.6\THGuard.exe C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe C:\hostmanager\hm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Filseclab\FilMsg.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Uniblues\RegistryBooster 2\RegistryBooster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows 
Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\System32\V0230Mon.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe" O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblues\registrybooster 2\StartRegistryBooster.exe O4 - HKCU\..\Run: [Systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe 
-minimize O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [HostsMan] C:\hostmanager\hm.exe -s O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: OneNoten sisällysluettelo.onetoc2 O4 - Startup: Registration .LNK = L:\assassins creed\Register\RegistrationReminder.exe O4 - Startup: Registration Assassin's Creed.LNK = L:\assassins creed\Register\RegistrationReminder.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{B7B408BB-64EE-4A6F-9783-E819179C8796}: NameServer = 192.89.123.231,193.210.19.190 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2007\SecureSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
-- End of file - 12361 bytes

There it is
Start > Run, type msconfig > OK
Startup tab
Uncheck the boxes in front of the following:
BrMfcWnd
SpywareTerminatorShield
Trjscan
THGuard
TMRUBottedTray
ehTray
QTTask
jusched
Apply and OK
Restart the computer, put a check in the small box, and only then press OK
===========
Is real-time protection turned on there? Turn it off if it is. Open Windows Defender. Click Tools and General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After that, click Save and close Windows Defender.
In Vista, is it from the programs in msconfig that I need to uncheck those... at least that's where I found them
Well, that does seem to have helped, the internet got a bit faster too, and I can even watch YouTube videos without stuttering :-D thanks!!