Ratkaistu resurssienhallintaa ja rundll32:sta koskeva ongelma, tämän voi poistaa.

Päivitin BIOSin, jolloin kellonaika siirtyi 2099, F-secure ilmoitti menevänsä umpeen ja koneelle pääsi tulholaisia. Vaikka sainkin kellonajan korjattua ja pahimmat tuholaiset pois koneelta, aiheuttavat windowsin vauriot hieman ongelmia:

1. Yrittäessäni käynnistää Ohjauspaneelia, ilmoittaa Vista resurssienhallinnan lakanneen toimimasta. Tapahtumienvalvonnasta saa selville seuraavaa:

Viallinen sovellus explorer.exe, versio 6.0.6001.18000, aikaleima 0x47918e5d, virhemoduuli mfc42.dll, versio 6.6.8063.0, aikaleima 0x4791a6f4, poikkeuskoodi 0xc0000005, virhepoikkeama 0x000039b2, prosessin tunnus 0xee0, sovelluksen käynnistysaika 0x01c8e728f5da7cde.

- System
- Provider
[ Name] Application Error
- EventID 1000
[ Qualifiers] 0
Level 2
Task 100
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2008-07-16T10:00:01.000Z
EventRecordID 59644
Channel Application
Computer Vistakone-KSNK
Security
- EventData
explorer.exe
6.0.6001.18000
47918e5d
mfc42.dll
6.6.8063.0
4791a6f4
c0000005
000039b2
ee0
01c8e728f5da7cde

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-07-16T10:00:01.000Z" />
<EventRecordID>59644</EventRecordID>
<Channel>Application</Channel>
<Computer>Vistakone-KSNK</Computer>
<Security />
</System>
- <EventData>
<Data>explorer.exe</Data>
<Data>6.0.6001.18000</Data>
<Data>47918e5d</Data>
<Data>mfc42.dll</Data>
<Data>6.6.8063.0</Data>
<Data>4791a6f4</Data>
<Data>c0000005</Data>
<Data>000039b2</Data>
<Data>ee0</Data>
<Data>01c8e728f5da7cde</Data>
</EventData>
</Event>

2. Yrittäessäni avata Tietoturvakeskusta, imoittaa vista Windows host prosess (Rundll32) lakanneen toimimasta ja tästä Tapahtumienvalvonta kertoo seuraavaa:

Viallinen sovellus rundll32.exe, versio 6.0.6000.16386, aikaleima 0x4549b0e1, virhemoduuli unknown, versio 0.0.0.0, aikaleima 0x00000000, poikkeuskoodi 0xc0000005, virhepoikkeama 0x01be0ef1, prosessin tunnus 0x1a8, sovelluksen käynnistysaika 0x01c8e72b5d65cd8e.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-07-16T10:04:41.000Z" />
<EventRecordID>59645</EventRecordID>
<Channel>Application</Channel>
<Computer>Vistakone-KSNK</Computer>
<Security />
</System>
- <EventData>
<Data>rundll32.exe</Data>
<Data>6.0.6000.16386</Data>
<Data>4549b0e1</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>01be0ef1</Data>
<Data>1a8</Data>
<Data>01c8e72b5d65cd8e</Data>
</EventData>
</Event>

- System
- Provider
[ Name] Application Error
- EventID 1000
[ Qualifiers] 0
Level 2
Task 100
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2008-07-16T10:04:41.000Z
EventRecordID 59645
Channel Application
Computer Vistakone-KSNK
Security


- EventData

rundll32.exe
6.0.6000.16386
4549b0e1
unknown
0.0.0.0
00000000
c0000005
01be0ef1
1a8
01c8e72b5d65cd8e

Sitten on vielä AVG raportti:

AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.5.0/1555 2008-07-16

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\DCI.0XE Trojan horse Generic10.AGFO Object was moved to Virus Vault.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Käynnistä-valikko\ Locked file. Not tested.
C:\ProgramData\Mallit\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a01ca539f9ebe127101e2508a4c3f79_6197110f-a090-4320-baf8-ee9dcc04eef0 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc95e2148edc6b74dd47c8d9a65271d7_6197110f-a090-4320-baf8-ee9dcc04eef0 Locked file. Not tested.
C:\ProgramData\Microsoft\Windows\Start Menu\Ohjelmat\ Locked file. Not tested.
C:\ProgramData\Suosikit\ Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\ProgramData\Tiedostot\ Locked file. Not tested.
C:\ProgramData\Työpöytä\ Locked file. Not tested.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ISE32.0XE Trojan horse Generic10.AGFO Object was moved to Virus Vault.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Sivuhistoria\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat\ Locked file. Not tested.
C:\Users\Default\Cookies\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\Documents\Omat kuvatiedostot\ Locked file. Not tested.
C:\Users\Default\Documents\Omat musiikkitiedostot\ Locked file. Not tested.
C:\Users\Default\Documents\Omat videotiedostot\ Locked file. Not tested.
C:\Users\Default\Mallit\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Default\Tulostinympäristö\ Locked file. Not tested.
C:\Users\Default\Verkkoympäristö\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Users\Public\Documents\Omat kuvatiedostot\ Locked file. Not tested.
C:\Users\Public\Documents\Omat musiikkitiedostot\ Locked file. Not tested.
C:\Users\Public\Documents\Omat videotiedostot\ Locked file. Not tested.
C:\Users\Voima Mipe\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Voima Mipe\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Voima Mipe\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Voima Mipe\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat\ Locked file. Not tested.
C:\Users\Voima Mipe\Documents\Omat kuvatiedostot\ Locked file. Not tested.
C:\Users\Voima Mipe\Documents\Omat musiikkitiedostot\ Locked file. Not tested.
C:\Users\Voima Mipe\Documents\Omat videotiedostot\ Locked file. Not tested.
C:\Users\Voima Mipe\Mallit\ Locked file. Not tested.
C:\Users\Voima Mipe\NTUSER.DAT Locked file. Not tested.
C:\Users\Voima Mipe\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Voima Mipe\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Voima Mipe\Tulostinympäristö\ Locked file. Not tested.
C:\Users\Voima Mipe\Verkkoympäristö\ Locked file. Not tested.
C:\Windows\SERVICE.0XE Trojan horse Generic10.AGFO Object was moved to Virus Vault.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SAM Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SECURITY Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\Omat kuvatiedostot\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\Omat musiikkitiedostot\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\Omat videotiedostot\ Locked file. Not tested.
C:\Windows\System32\drivers\sptd.sys Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
C:\Windows\WINUDSPM.0XE Trojan horse Generic10.AGFO Object was moved to Virus Vault.
E:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 1059913
Found infections : 4
Found PUPs : 0
Healed infections : 4
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Ja HiJackThis loki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:36, on 16.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\anysee\anysee-E30C Plus\anysee_CR.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Topro\TP6810\tppoll10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Voima Mipe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 212.162.52.233 irc.westwood.com
O1 - Hosts: 212.162.52.233 servserv.westwood.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {A8160B32-92A5-48CB-839D-D4C5D05054E4} - C:\Windows\qndsfmao.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [anysee_CR] C:\Program Files\anysee\anysee-E30C Plus\anysee_CR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TPPOLL10] C:\Program Files\TOPRO\TP6810\TPPOLL10.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Päivitys] C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: F-Secure Automatic Update.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: evgratsm - {423F8C44-E0C4-4B7B-A526-DDDAA8B118F5} - C:\Windows\evgratsm.dll
O21 - SSODL: kvxqmtre - {A2D14308-F8F2-4B03-B793-A6C516EECFF6} - C:\Windows\kvxqmtre.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe

--
End of file - 8206 bytes

Onko kellään formatointia parempia ideoita?

 

Ajoin Combofix.exe:n ja buuttasin, molemmat ongelmat korjaantuivat.

Ts. tämä viestiketju on aivan turha.