AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
keskiviikko 15.1.2025 / 21:55
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > todella hidas kone,pöpöt poistettu,silti hidas
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Todella hidas kone,pöpöt poistettu,silti hidas
  Siirry:
 
Kirjoittaja Viesti
Miccis
Member
_ 		5. joulukuuta 2012 @ 13:27 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Kone tökki ja hidasteli ja sekoili joten skannasin koneen ja pöpöjä löytyi. Poistin pöpöt onnistuneesti, mutta kone tökkii ja hidastelee edelleen.
Tässä lokit:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Tietokantaversio: v2012.12.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Omistaja :: KOTIKONE [järjestelmänvalvoja]

3.12.2012 16:22:35
mbam-log-2012-12-03 (16-22-35).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|K:\|)
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Heuristinen/Ylimäärinen | Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 133160
Kulunut aika: 2 tunti(a), 33 minuutti(a), 31 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 2
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (PUP.InstallBrain) -> Karanteenattu ja poistettu onnistuneesti.
C:\Program Files\Savings Sidekick (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.

Epäilyttäviä tiedostoja: 7
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Karanteenattu ja poistettu onnistuneesti.
C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\ftq.exe (Trojan.Ransom) -> Karanteenattu ja poistettu onnistuneesti.
C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.
C:\Program Files\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.
C:\Program Files\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.
C:\Program Files\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.
C:\Program Files\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Karanteenattu ja poistettu onnistuneesti.

(loppu)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:20, on 5.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\HP_Omistaja\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...b?1346051997343
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4915 bytes
[ + lainaa]
kalminen
AfterDawn Addict
_ 		6. joulukuuta 2012 @ 12:27 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

Linkki 3

* TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.
(ei palomuuria)
* Tuplaklikkaa Combofix.exe ja noudata ohjeita.

* Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

* Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

**Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.




Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:




Klikkaa Kyllä jatkaaksesi skannausta.

Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

Jos tarvitset apua, katso yksityiskohtaisempi ohje:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä
seuraavat raportit vastaukseesi:

C:\ComboFix.txt

-------------------------------------------------------

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut rivit
(HJT sammuttaa ohjelman ei poista)

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

sekä sammuta ne.(fix Chekked) napista.

----------------------------------------------------

Tyhjennä roskakori ja Käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* C:\ComboFix.txt raportti
*
* Mikä on tilanne ???
*
:)
[ + lainaa]
(:)
Miccis
Member
_ 		6. joulukuuta 2012 @ 15:37 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Hidas tää on edelleen. Tässä lokit:

ComboFix 12-12-04.01 - HP_Omistaja 06.12.2012 14:45:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1919.1352 [GMT 2:00]
Sijainti: c:\documents and settings\HP_Omistaja\Omat tiedostot\Lataukset\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Uusi palautuspiste luotu
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Omistaja\Local Settings\Application Data\6o4v7yr6ikfw18072u
c:\documents and settings\HP_Omistaja\Local Settings\Application Data\Savings Sidekick
c:\documents and settings\HP_Omistaja\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
c:\windows\system32\sp
c:\windows\system32\sqlite3.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
E:\Autorun.inf
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-11-06 to 2012-12-06 )))))))))))))))))
.
.
2012-12-06 12:40 . 2012-12-06 12:40 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05BDDD52-BFF5-48F6-9FD4-17DF2C7C90D7}\MpKsl614caa08.sys
2012-12-02 09:30 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05BDDD52-BFF5-48F6-9FD4-17DF2C7C90D7}\mpengine.dll
2012-12-01 08:35 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-09 10:44 . 2012-11-09 10:46 -------- d-----w- c:\documents and settings\HP_Omistaja\Application Data\Nokia
2012-11-09 10:44 . 2012-11-09 10:44 -------- d-----w- c:\documents and settings\HP_Omistaja\Application Data\PC Suite
2012-11-09 10:44 . 2012-11-09 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2012-11-09 10:43 . 2012-11-09 10:43 -------- d-----w- c:\program files\DIFX
2012-11-09 10:43 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-11-09 10:43 . 2012-11-09 10:43 -------- d-----w- c:\program files\PC Connectivity Solution
2012-11-09 10:43 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-11-09 10:43 . 2012-11-12 12:16 -------- d-----w- c:\program files\Nokia
2012-11-09 10:41 . 2012-11-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:56 . 2012-08-04 04:06 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2012-08-04 04:05 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 17:54 . 2012-08-27 17:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 12:32 . 2012-09-08 18:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:32 . 2012-09-08 18:24 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 10:51 . 2012-09-08 18:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-29 10:26 . 2012-10-29 10:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
AutoTBar.exe [2003-9-30 57344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"c:\\Documents and Settings\\HP_Omistaja\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
.
R1 MpKsl614caa08;MpKsl614caa08;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05BDDD52-BFF5-48F6-9FD4-17DF2C7C90D7}\MpKsl614caa08.sys [6.12.2012 14:40 29904]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18.10.2011 2:43 78136]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [5.9.2012 21:15 23456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [18.10.2011 2:43 181432]
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - MPKSL614CAA08
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-12-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 14:25]
.
.
------- Täydentävä tarkistus -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\HP_Omistaja\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\documents and settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xhxh9xho.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.suomi24.fi/
FF - ExtSQL: 2012-10-22 17:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2012-09-07 14:15; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\???|’’’’"??|ž»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2012-12-06 14:52:08
ComboFix-quarantined-files.txt 2012-12-06 12:52
.
Ennen ajoa: 55 769 980 928 tavua vapaana
Ajon jälkeen: 55 831 891 968 tavua vapaana
.
- - End Of File - - 59E92DFA3944362B2EFB2EC2495C345C


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:19, on 6.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\HP_Omistaja\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...b?1346051997343
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4141 bytes
[ + lainaa]
kalminen
AfterDawn Addict
_ 		7. joulukuuta 2012 @ 13:08 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Aika kasa pöpöjä silltä löytyi vieläkin !!!

Sulla on tuo Suomi24 onko sieltä pomppinut mainoksia ???

Jollain OnLine scannerilla kannattaisi vielä varmistaa =>

Lataa työpöydälle ja asenna => Tämä ensin

Tarkista koneesi F-Securen online skannerilla

- Valitse kieli: Suomi
- Laita ruxi => Olen lukenut käyttöoikeusehdot ja hyväksyn ne
- Klikkaa nappia => Suorita tarkistus
- Laita pallukka => Täysi tarkistus kohtaan
- Klikkaa Käynnistä nappulaa.

* Jos viruksia löytyi
* Jos viruksia löytyi Puhdista tiedostot -kohdan merkki on kohdassa: "Automaattinen" ja paina "Seuraava".
* Kun puhdistus on suoritettu paina "Täysi raportti". Raportti aukeaa selaimeesi.
Mene raportti sivulle ja paina Ctrl ja A maalataksesi koko sivuston tekstin
ja paina Ctrl ja C kopioidaksesi maalatun tekstin.

* Liitä F-securen skannaus raportti seuraavaan viestiisi painamalla Ctrl ja V vastaus kenttään.

:)
[ + lainaa]
(:)
Miccis
Member
_ 		9. joulukuuta 2012 @ 19:17 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Suomi24 ei pompi mitään,mut joiltain muilta sivustoilta kylläkin.
Tällänen raportti:

Tarkistusraportti
Sunnuntai, Joulukuu 9, 2012 18:02:31 - 19:02:22

Tietokoneen nimi: KOTIKONE
Tarkistuksen tyyppi: Tarkista järjestelmä haitta-, vakoilu- ja rootkit-ohjelmien varalta
Kohde: C:\ D:\ E:\ K:\
Haittaohjelmia ei löytynyt
Tilastot
Tarkistettu:

Tiedostot: 48718
Järjestelmä: 3458
Ei tarkistettu: 10

Toimenpiteet:

Puhdistettu: 0
Nimetty uudelleen: 0
Poistettu: 0
Ei puhdistettu: 0
Lähetetty: 0

Tarkistamattomat tiedostot:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\QOOBOX\BACKENV\VIKPEV00
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA\LOCAL SETTINGS\TEMP\HSPERFDATA_HP_OMISTAJA\3436

Valinnat
Tarkistusohjelmat:

Tarkistusvalinnat:

Tarkista määritetyt tiedostot COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
Käytä lisäheuristiikkaa

Copyright © 1998-2009 Tuotetuki | Lähetä virusesimerkki F-Securelle
F-Secure ei ole vastuussa kolmansien osapuolten luomasta tai julkaisemasta materiaalista, johon on linkkejä F-Securen WWW-sivuilla. Ellet muutoin erikseen ilmoita, hyväksyt, että esimerkiksi sähköpostitse tai F-Securen CGI-sähköpostin kautta palvelimiimme lähetetty materiaali voidaan julkaista F-Securen WWW-sivuilla tai painetuissa julkaisuissa. Voit tarkastella F-Securen julkista Web-sivustoa napsauttamalla alleviivattuja linkkejä. Kun teet näin, käyntisi ja toimialueesi nimi kirjataan salassa pidettäviin käyttötilastoihin. Näitä tietoja ei luovuteta kolmansille osapuolille. Hyväksyt, ettet ryhdy toimiin meitä vastaan lähettämäsi materiaalin osalta. Ellet muutoin erikseen ilmoita, materiaalia lähettämällä oikeutat F-Securen käyttämään materiaalissa mainittuja asioita F-Securen tuotteissa/julkaisussa ilman vastuuvelvollisuutta.
[ + lainaa]
kalminen
AfterDawn Addict
_ 		10. joulukuuta 2012 @ 12:26 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Ei viruksia enään. (puhdas)

OTL:llä sitä voi vielä siivoilla jos haluat ???

:)
[ + lainaa]
(:)
Miccis
Member
_ 		10. joulukuuta 2012 @ 19:51 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
OTL???
[ + lainaa]
kalminen
AfterDawn Addict
_ 		11. joulukuuta 2012 @ 13:46 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Lataa työpöydälle => TÄMÄ OTL.exe
* Sulje kaikki päälläolevat ikkunat ja sovellukset. (ei virustorjuntaa)
* XP:ssä Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n.
* Vista/7:ssa käynnistät OTL.exen = tee se hiiren oikealla napilla
ja valitset Suorita Järjestelmänvalvojana

* Laita siihen ruxit kuvan mukaan.




* Klikkaa Run Scan nappulaa.
* Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, tai alapalkkiin OTListIt.Txt ja Extras.txt

* Kopioi ja lähetä tiedostojen sisältö tänne.
[ + lainaa]
(:)
Miccis
Member
_ 		14. joulukuuta 2012 @ 15:49 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
OTL logfile created on: 14.12.2012 15:41:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Omistaja\Omat tiedostot\Lataukset
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 75,93% Memory free
3,72 Gb Paging File | 3,41 Gb Available in Paging File | 91,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,91 Gb Total Space | 51,64 Gb Free Space | 72,82% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 92,38 Gb Free Space | 82,64% Space Free | Partition Type: NTFS
Drive E: | 3,63 Gb Total Space | 0,52 Gb Free Space | 14,22% Space Free | Partition Type: FAT32
Drive K: | 465,76 Gb Total Space | 211,64 Gb Free Space | 45,44% Space Free | Partition Type: NTFS

Computer Name: KOTIKONE | User Name: HP_Omistaja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.12.14 15:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Omistaja\Omat tiedostot\Lataukset\OTL.exe
PRC - [2012.12.07 13:51:49 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.07 13:51:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.06 20:29:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.28 20:36:58 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012.09.05 21:15:31 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011.10.18 02:43:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.18 02:43:42 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.01.27 20:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004.10.01 19:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.09.30 00:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004.09.24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004.08.04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.06.29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.05.08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003.09.19 08:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.07.18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003.07.12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.06.04 15:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as...&ctid=CT3220468
IE - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.suomi24.fi/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={3C7485CF-3FB4-11E2-B0F3-0011D8B34B6D}&src=2&crg=3.1010000.00000&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.07 13:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.07 13:15:33 | 000,000,000 | ---D | M]

[2012.08.26 23:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Extensions
[2012.12.06 16:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xhxh9xho.default\extensions
[2012.12.06 16:50:26 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\xhxh9xho.default\searchplugins\sweetim.xml
[2012.12.06 20:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.06 20:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 20:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.01 11:23:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.12.06 20:29:12 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.01 20:02:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.06 20:28:05 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.12.06 20:28:05 | 000,001,185 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fi.xml
[2012.12.06 20:28:05 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.12.06 20:28:05 | 000,001,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012.12.06 14:50:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\..\Toolbar\ShellBrowser: (HP-näkymä) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\..\Toolbar\WebBrowser: (HP-näkymä) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3426104997-1338653425-2505727350-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\HP_Omistaja\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind...b?1346051459265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup...b?1346051997343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8A76057-DABA-47DD-88B0-7F8E2D946899}: DhcpNameServer = 192.168.100.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.12.14 00:43:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.07.28 06:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.12.12 18:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\VideoLAN
[2012.12.07 13:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Omistaja\Application Data\f-secure
[2012.12.07 13:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012.12.07 13:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Sun
[2012.12.07 13:52:13 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.07 13:52:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.07 13:52:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.07 13:52:07 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.07 13:30:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Omistaja\Recent
[2012.12.06 20:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.06 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.12.06 15:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.06 14:43:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.12.06 14:43:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.12.06 14:43:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.12.06 14:43:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.12.06 14:40:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.06 14:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Omistaja\Käynnistä-valikko\Ohjelmat\Valvontatyökalut
[2012.12.06 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.12.14 13:38:02 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.12.14 13:28:10 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012.12.14 13:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.14 13:27:38 | 2012,794,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 14:10:21 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.13 13:40:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.09 19:41:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.07 13:51:52 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.07 13:51:48 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.07 13:51:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.07 13:51:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.07 13:51:47 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.12.07 13:51:46 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.12.07 13:26:44 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2012.12.06 14:50:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.03 16:21:15 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.12.02 21:20:03 | 000,005,720 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
[2012.11.16 14:43:13 | 000,442,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 14:43:13 | 000,438,336 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2012.11.16 14:43:13 | 000,095,532 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2012.11.16 14:43:13 | 000,071,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.12.13 13:37:59 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.12.06 14:43:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.06 14:43:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.06 14:43:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.06 14:43:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.06 14:43:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.12.02 21:18:50 | 000,005,720 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6o4v7yr6ikfw18072u
[2012.09.16 10:25:28 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 15:26:51 | 000,000,391 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.09.07 13:08:50 | 000,179,391 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2012.09.07 13:08:50 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2012.09.05 15:42:58 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.09.03 11:30:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.09.03 09:21:43 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\HP_Omistaja\Application Data\.zreglib
[2012.09.01 13:36:32 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.08.27 18:36:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.08.26 22:40:29 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\fusioncache.dat
[2012.08.04 06:05:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.08.04 06:05:23 | 000,243,832 | ---- | C] () -- C:\WINDOWS\System32\perfi00B.dat
[2012.08.04 06:05:23 | 000,034,270 | ---- | C] () -- C:\WINDOWS\System32\perfd00B.dat
[2012.08.04 06:05:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.08.04 06:05:19 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012.08.04 06:05:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012.08.04 06:05:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012.08.04 06:04:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012.08.04 06:04:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012.08.04 06:02:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.08.04 06:02:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2005.01.01 17:18:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:11:46 | 001,498,624 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:54:17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:11:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 14.12.2012 15:41:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Omistaja\Omat tiedostot\Lataukset
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 75,93% Memory free
3,72 Gb Paging File | 3,41 Gb Available in Paging File | 91,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,91 Gb Total Space | 51,64 Gb Free Space | 72,82% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 92,38 Gb Free Space | 82,64% Space Free | Partition Type: NTFS
Drive E: | 3,63 Gb Total Space | 0,52 Gb Free Space | 14,22% Space Free | Partition Type: FAT32
Drive K: | 465,76 Gb Total Space | 211,64 Gb Free Space | 45,44% Space Free | Partition Type: NTFS

Computer Name: KOTIKONE | User Name: HP_Omistaja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3426104997-1338653425-2505727350-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-palvelu -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\RevConnect\DCPlusPlus.exe" = C:\Program Files\RevConnect\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Documents and Settings\HP_Omistaja\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\HP_Omistaja\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Documents and Settings\HP_Omistaja\Local Settings\temp\app3F.exe" = C:\Documents and Settings\HP_Omistaja\Local Settings\temp\app3F.exe:*:Enabled:InHouseSDM Setup


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{4538A1AF-6894-4F10-ABDA-6CB9E6ACF8B6}" = Microsoft .NET Framework 1.1 Finnish Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart -kamerat 4.0
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B98685A-4E21-4A4F-A2D6-DC557042BADA}" = HPIZplus450
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901E040B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Finnish User Interface Pack
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series (fin)
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Suomi
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"504244733D18C8F63FF584AEB290E3904E791693" = Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AnyDVD" = AnyDVD
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Google Chrome" = Google Chrome
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Image Zone 4.5.3
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"ReverseConnect" = RevConnect
"Revo Uninstaller" = Revo Uninstaller 1.94
"Shop for HP Supplies" = Shop for HP Supplies
"SiS VGA Driver" = SiS VGA Utilities
"uTorrent" = µTorrent
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR-pakkausohjelma
"VLC media player" = VLC media player 2.0.4
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3426104997-1338653425-2505727350-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12.9.2012 6:45:43 | Computer Name = KOTIKONE | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: 404 (HTTP-vastauksen tila)

Error - 16.9.2012 1:40:44 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1002
Description = Lukkiutunut sovellus firefox.exe, versio 15.0.1.4631, lukkiutumismoduuli
hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Error - 16.9.2012 1:40:44 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1002
Description = Lukkiutunut sovellus firefox.exe, versio 15.0.1.4631, lukkiutumismoduuli
hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Error - 16.9.2012 1:41:46 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1001
Description = Vikasäiliö-1150946237.

Error - 16.9.2012 1:41:49 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1001
Description = Vikasäiliö-1150946237.

Error - 16.9.2012 6:58:50 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1002
Description = Lukkiutunut sovellus AVIPreview.exe, versio 0.0.0.2111, lukkiutumismoduuli
hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Error - 17.9.2012 8:43:05 | Computer Name = KOTIKONE | Source = Application Error | ID = 1000
Description = Virhesovellus plugin-container.exe, versio 15.0.1.4631, moduuli xul.dll,
versio 15.0.1.4631, osoite 0x00985d18.

Error - 17.9.2012 8:43:12 | Computer Name = KOTIKONE | Source = Application Error | ID = 1001
Description = Vikasäiliö-1150649306.

Error - 27.9.2012 5:52:36 | Computer Name = KOTIKONE | Source = crypt32 | ID = 131080
Description = Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ei voi päivittää automaattisesti. Virhe: 404 (HTTP-vastauksen tila)

Error - 11.10.2012 13:57:14 | Computer Name = KOTIKONE | Source = Application Hang | ID = 1002
Description = Lukkiutunut sovellus firefox.exe, versio 15.0.1.4631, lukkiutumismoduuli
hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

[ System Events ]
Error - 6.12.2012 10:56:56 | Computer Name = KOTIKONE | Source = Service Control Manager | ID = 7023
Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126

Error - 6.12.2012 10:56:56 | Computer Name = KOTIKONE | Source = Service Control Manager | ID = 7023
Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126

Error - 6.12.2012 10:56:56 | Computer Name = KOTIKONE | Source = Service Control Manager | ID = 7023
Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126

Error - 6.12.2012 10:56:57 | Computer Name = KOTIKONE | Source = Service Control Manager | ID = 7023
Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126

Error - 10.12.2012 7:55:28 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452689
Description = Aikatoimittajan NTP-asiakas: Manuaalisesti määritetyn vertaisjärjestelmän
"time.windows.com,0x1" DNS-nimiselvityksen yhteydessä tapahtui virhe. NTP-asiakas
yrittää uudelleen 15 minuutin kuluttua. Virhe: Vastaketoimintoa yritettiin palvelimessa,
johon ei voi muodostaa yhteyttä. (0x80072751)

Error - 10.12.2012 7:55:28 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452701
Description = Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään
yhdestä aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen
ei yritetä muodostaa yhteyttä 14 minuuttiin. NTP-asiakkaan käytettävissä ei ole
tarkkaa aikalähdettä.

Error - 11.12.2012 6:57:53 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452689
Description = Aikatoimittajan NTP-asiakas: Manuaalisesti määritetyn vertaisjärjestelmän
"time.windows.com,0x1" DNS-nimiselvityksen yhteydessä tapahtui virhe. NTP-asiakas
yrittää uudelleen 15 minuutin kuluttua. Virhe: Vastaketoimintoa yritettiin palvelimessa,
johon ei voi muodostaa yhteyttä. (0x80072751)

Error - 11.12.2012 6:57:53 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452701
Description = Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään
yhdestä aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen
ei yritetä muodostaa yhteyttä 14 minuuttiin. NTP-asiakkaan käytettävissä ei ole
tarkkaa aikalähdettä.

Error - 13.12.2012 8:17:07 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452689
Description = Aikatoimittajan NTP-asiakas: Manuaalisesti määritetyn vertaisjärjestelmän
"time.windows.com,0x1" DNS-nimiselvityksen yhteydessä tapahtui virhe. NTP-asiakas
yrittää uudelleen 15 minuutin kuluttua. Virhe: Vastaketoimintoa yritettiin palvelimessa,
johon ei voi muodostaa yhteyttä. (0x80072751)

Error - 13.12.2012 8:17:07 | Computer Name = KOTIKONE | Source = W32Time | ID = 39452701
Description = Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään
yhdestä aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen
ei yritetä muodostaa yhteyttä 14 minuuttiin. NTP-asiakkaan käytettävissä ei ole
tarkkaa aikalähdettä.


< End of report >
[ + lainaa]
kalminen
AfterDawn Addict
_ 		15. joulukuuta 2012 @ 13:33 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa (7) Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

Java(TM) 6 Update 37
Java 2 Runtime Environment, SE v1.4.2_03

-----------------------------------------------------------

Kopioi alla olevasta laatikosta kaikki muistiin. (Ctrl+C) 


:OTL

FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={3C7485CF-3FB4-11E2-B0F3-0011D8B34B6D}&src=2&crg=3.1010000.00000&q="

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_37)

[2012.12.07 13:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Omistaja\Application Data\f-secure

[2012.12.07 13:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2012.12.06 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM

[2012.12.06 14:40:36 | 000,000,000 | ---D | C] -- C:\Qoobox



:files

C:\Documents and Settings\All Users\Application Data\F-Secure

C:\Documents and Settings\All Users\Application Data\F-Secure

C:\Program Files\SweetIM

C:\Qoobox



:services

HidServ

AppMgmt

WDICA

PDRFRAME

PDRELI

PDFRAME

PDCOMP

PCIDump

lbrtfdc

i2omgmt

Changer

catchme



:commands

[EMPTYTEMP]

Käynnistä OTL.EXE ohjelma. (Vista / 7 tee hiiren kakkosnapilla ja JV:nä)
Liitä muistista texti OTL:n valkoiseen laatikkoon (Custom Scans/Fixes)
Paina sitten Run Fix nappia
Lopuksi se pyytää koneen ReStarttia => OK
Logi aukeaa muistioon josta kopioit sen viestiisi.

:)
[ + lainaa]
(:)
Miccis
Member
_ 		15. joulukuuta 2012 @ 18:07 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
All processes killed
========== OTL ==========
Prefs.js: "http://search.sweetim.com/search.asp?barid={3C7485CF-3FB4-11E2-B0F3-0011D8B34B6D}&src=2&crg=3.1010000.00000&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\HP_Omistaja\Application Data\f-secure folder moved successfully.
C:\Documents and Settings\All Users\Application Data\F-Secure\Daas2\cert folder moved successfully.
C:\Documents and Settings\All Users\Application Data\F-Secure\Daas2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\F-Secure folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\E folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sp folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Omistaja\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Savings Sidekick folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Omistaja\Local Settings\Application Data folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Omistaja\Local Settings folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Omistaja folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Default User\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Default User folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\F-Secure not found.
File\Folder C:\Documents and Settings\All Users\Application Data\F-Secure not found.
File\Folder C:\Program Files\SweetIM not found.
File\Folder C:\Qoobox not found.
========== SERVICES/DRIVERS ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 11358 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Omistaja
->Temp folder emptied: 558698024 bytes
->Temporary Internet Files folder emptied: 996704 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 448177989 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1543 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 59770 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144985 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 730 bytes

Total Files Cleaned = 962,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12152012_164914

Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
[ + lainaa]
kalminen
AfterDawn Addict
_ 		15. joulukuuta 2012 @ 18:18 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Miltäs se kone nyt tuntuu ???
:)
[ + lainaa]
(:)
Miccis
Member
_ 		15. joulukuuta 2012 @ 21:20 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Selain on edeleen pirun hidas. Koneen käynnistäminen kestää ja netin avaamiseen menee varmaan minuutti. Siis koneen avaamisen jälkeen. Sivujen aukeeminenkin kestää jokseenkin kauan. Verrattuna nyt mitä oon muilla koneilla käynyt. Onhan tää vanha vempele, mut ei kai sen pitäis ihan näin vaikuttaa?
[ + lainaa]
kalminen
AfterDawn Addict
_ 		16. joulukuuta 2012 @ 14:03 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
.
Virukset ja roskat on poistettu !!!
Etänä sille en muuta voi.

Tutustu nekon ohjeisiin koneen nopeuttamiseksi => TÄÄLLTÄ

:)
[ + lainaa]
(:)
Mainos
_ 		__
 
_
Miccis
Member
_ 		17. joulukuuta 2012 @ 12:12 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Ok. Täytynee käydä sieltä katsastamassa lisää. Iso Kiitos sulle avusta.
[ + lainaa]
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > todella hidas kone,pöpöt poistettu,silti hidas
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy