Hi, the problem is that I was streaming videos, after which Avira detected 6 viruses on the machine. They started cleaning the machine in such a way that my own files were deleted completely and only most of the system files survived. I managed to restore the system from msconfig, after which things got strange. I updated Mozilla and Flash Player, Java and the antivirus programs and scanned my machine with Malwarebytes, and it looks clean. However, I get strange audio advertisements on my machine, even though I don't notice anything strange in the processes myself. No web browser is even open, and this can happen right after starting the machine, before I have had time to start anything else. I am a relatively experienced user, but this is really strange. I use my online banking credentials daily, so could someone check that there is nothing wrong in my logs? Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:39, on 21.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Saunalahti\Avustaja\CC3Service.exe
C:\Program Files\Saunalahti\ESUS\ESUS.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ConnectionCentreBHO - {476AAF4E-3AA2-47FE-BEDB-3B45C404513B} - C:\Program Files\Saunalahti\Avustaja\BHO\CC3IEBHO.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Saunalahti Avustaja] "C:\Program Files\Saunalahti\Avustaja\Saunalahti.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Saunalahti Avustaja Service (CC3Svc) - Unknown owner - C:\Program Files\Saunalahti\Avustaja\CC3Service.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Saunalahti Software Update Service (ESUSClient) - Unknown owner - C:\Program Files\Saunalahti\ESUS\ESUS.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7269 bytes
No viruses show up in the HJT log, but these days the bugs don't show up there anyway. They have changed their approach.
-----------------------------
I have never heard of healthy machines talking on their own. Concern is warranted, unless Saunalahti has come up with something of its own.
-------------------------------------
Please download ComboFix from one of the links below:

Link 3

* IMPORTANT !!! Save ComboFix.exe to your desktop
* Close/disable all antivirus and anti-malware programs so that they do not interfere with ComboFix's run. (not the firewall)
* Double-click ComboFix.exe and follow the prompts.
* As part of the scan, ComboFix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console allows booting into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.
* Follow the prompts and allow ComboFix to download and install the Microsoft Recovery Console, and when asked, accept the program's warranty terms to install the Recovery Console.

**Note: If the Recovery Console is already installed, ComboFix will continue on.

Once the Microsoft Recovery Console is installed, you should see the following message:

Click Yes to continue the scan.

Warning: DO NOT run ComboFix unsupervised. It is not a toy and should not be used routinely on a daily basis.

If you need help, see the more detailed guide: http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

When ComboFix has finished, it creates a report. Please copy/paste the following reports into your reply:
C:\ComboFix.txt
Here is the log

ComboFix 11-04-20.04 - Sipa 21.04.2011 19:28:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.3574.3121 [GMT 3:00]
Sijainti: c:\documents and settings\Sipa\Työpöytä\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
Saastunut kopio tiedostosta c:\windows\system32\drivers\volsnap.sys löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - Kitty had a snack
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-03-21 to 2011-04-21 )))))))))))))))))
.
.
2011-04-21 11:15 . 2011-04-21 11:15 388096 ----a-r- c:\documents and settings\Sipa\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-21 11:15 . 2011-04-21 11:15 -------- d-----w- c:\program files\Trend Micro
2011-04-18 12:19 . 2011-04-18 12:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2011-04-18 12:15 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-18 12:15 . 2011-03-18 17:58 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-18 12:15 . 2011-03-18 17:58 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-18 12:15 . 2011-03-18 17:58 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-18 12:15 . 2011-03-18 17:58 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-18 12:15 . 2011-03-18 17:58 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-18 12:15 . 2011-03-18 17:58 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-18 12:15 . 2011-03-18 17:58 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-18 12:06 . 2011-04-18 12:06 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 08:16 . 2010-07-19 16:18 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2009-09-06 07:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-09-15 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2004-09-15 12:00 1858176 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-09-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-09-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-09-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42 . 2004-09-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-09-15 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-09-15 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 04:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-09-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-09-15 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-09-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-09-15 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-09-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 18:40 . 2010-07-19 17:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:19 . 2009-09-13 12:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-09-06 07:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-09-06 07:47 677888 ----a-w- c:\windows\system32\mstsc.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-03-18 17:58 . 2011-04-18 12:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{476AAF4E-3AA2-47FE-BEDB-3B45C404513B}]
2010-07-09 08:02 95024 ----a-w- c:\program files\Saunalahti\Avustaja\BHO\CC3IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Saunalahti Avustaja"="c:\program files\Saunalahti\Avustaja\Saunalahti.exe" [2010-07-09 234800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2010-01-19 21:39 3723152 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-30 09:35 136176 ----atw- c:\documents and settings\Sipa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 14:43 6061400 ----a-w- e:\program files\Logitech\Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 16:35 165208 ----a-w- e:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Logitech\\Vid\\Vid.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.7.2010 19:18 135336]
R2 CC3Svc;Saunalahti Avustaja Service;c:\program files\Saunalahti\Avustaja\CC3Service.exe [9.7.2010 11:02 611120]
R2 ESUSClient;Saunalahti Software Update Service;c:\program files\Saunalahti\ESUS\ESUS.exe [29.6.2010 14:05 381776]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6.9.2009 11:04 845184]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5.7.2010 22:23 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5.7.2010 22:23 8456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 15:49 227232]
.
'Ajoitetut tehtävät'-kansion sisältö
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-839522115-1004Core.job
- c:\documents and settings\Sipa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 09:35]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-839522115-1004UA.job
- c:\documents and settings\Sipa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-30 09:35]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
uInternet Connection Wizard,ShellNext = iexplore
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\documents and settings\Sipa\Application Data\Mozilla\Firefox\Profiles\cpeol7wx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.ampparit.com
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 19:30
Windows 5.1.2600 Service Pack 3 NTFS
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2011-04-21 19:30:50
ComboFix-quarantined-files.txt 2011-04-21 16:30
.
Ennen ajoa: 60 235 382 784 tavua vapaana
Ajon jälkeen: 60 333 101 056 tavua vapaana
.
WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D7866D54770CEFDD9CB1ABA2E28DA798
There is always some junk to be found there !!!
-------------------------
In the Run box of the Windows Start menu, type
Combofix /uninstall
and press OK
********************************************************
Download to your desktop => THIS

* Close all open windows and applications.
* Double-click OTL.exe to start OTListIt.
* Tick the boxes in it as shown in the picture.
* Click the Run Scan button.
* When the scan is complete, OTListIt creates two text files on the desktop, or in the taskbar: OTListIt.Txt and Extras.txt
* Copy and post the contents of the files here.

What is the situation there ???
OTL.Txt:

OTL logfile created on: 22.4.2011 11:21:21 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sipa\Työpöytä
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 59,22 Gb Free Space | 60,64% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 237,51 Gb Free Space | 97,28% Space Free | Partition Type: NTFS
Drive F: | 254,36 Gb Total Space | 252,01 Gb Free Space | 99,07% Space Free | Partition Type: NTFS

Computer Name: COREDUO | User Name: Sipa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.22 11:19:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sipa\Työpöytä\OTL.exe
PRC - [2011.03.18 20:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.18 11:16:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.07 12:47:14 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.07 12:47:14 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.07.09 11:02:26 | 000,611,120 | ---- | M] (Saunalahti) -- C:\Program Files\Saunalahti\Avustaja\CC3Service.exe
PRC - [2010.07.09 11:01:58 | 000,234,800 | ---- | M] (Saunalahti) -- C:\Program Files\Saunalahti\Avustaja\Saunalahti.exe
PRC - [2010.06.29 14:05:38 | 000,381,776 | ---- | M] () -- C:\Program Files\Saunalahti\ESUS\ESUS.exe
PRC - [2010.01.15 15:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 19:12:11 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.04.22 11:19:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sipa\Työpöytä\OTL.exe
MOD - [2010.08.23 19:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ) HID (Human Interface Device)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.03.18 11:16:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.07 12:47:14 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.09 11:02:26 | 000,611,120 | ---- | M] (Saunalahti) [Auto | Running] -- C:\Program Files\Saunalahti\Avustaja\CC3Service.exe -- (CC3Svc)
SRV - [2010.06.29 14:05:38 | 000,381,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Saunalahti\ESUS\ESUS.exe -- (ESUSClient)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.01.15 15:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

========== Driver Services (SafeList) ==========

DRV - [2011.03.18 11:16:35 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.28 11:43:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.27 11:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.07.27 11:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010.07.27 11:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 11:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.05.11 16:29:52 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.05.11 16:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.07 14:14:00 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.07.25 15:09:24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.02.14 09:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006.04.07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2004.08.13 13:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
IE - HKU\S-1-5-21-1957994488-413027322-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.ampparit.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8D03DB51-DA47-46a9-8F14-53ABE84263F5}:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\{8D03DB51-DA47-46a9-8F14-53ABE84263F5}: C:\Program Files\Saunalahti\Avustaja\BHO\Firefox [2011.01.01 14:24:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.18 15:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.18 15:15:41 | 000,000,000 | ---D | M]
[2009.09.13 15:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sipa\Application Data\Mozilla\Extensions
[2011.04.19 12:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sipa\Application Data\Mozilla\Firefox\Profiles\cpeol7wx.default\extensions
[2010.01.21 17:09:36 | 000,000,879 | -H-- | M] () -- C:\Documents and Settings\Sipa\Application Data\Mozilla\Firefox\Profiles\cpeol7wx.default\searchplugins\conduit.xml
[2011.04.18 20:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.19 20:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 18:25:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.18 20:03:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SIPA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CPEOL7WX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SIPA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CPEOL7WX.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.03.18 20:58:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 11:00:00 | 000,002,062 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bookplus-fi.xml
[2010.01.01 11:00:00 | 000,000,972 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-fi.xml
[2010.01.01 11:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fi.xml
[2010.01.01 11:00:00 | 000,001,100 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-fi.xml

O1 HOSTS File: ([2011.04.21 19:30:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (ConnectionCentreBHO Class) - {476AAF4E-3AA2-47FE-BEDB-3B45C404513B} - C:\Program Files\Saunalahti\Avustaja\BHO\CC3IEBHO.dll (Saunalahti)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Saunalahti Avustaja] C:\Program Files\Saunalahti\Avustaja\Saunalahti.exe (Saunalahti)
O4 - Startup: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sipa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sipa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.06 10:50:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 11:19:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sipa\Työpöytä\OTL.exe [2011.04.21 19:52:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011.04.21 19:27:37 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011.04.21 19:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011.04.21 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011.04.21 
14:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sipa\Käynnistä-valikko\Ohjelmat\HiJackThis [2011.04.18 15:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee [2011.04.18 15:05:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sipa\Recent [2011.04.07 16:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sipa\Työpöytä\album.php_tiedostot [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Sipa\Omat tiedostot\*.tmp files -> C:\Documents and Settings\Sipa\Omat tiedostot\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sipa\Työpöytä\*.tmp files -> C:\Documents and Settings\Sipa\Työpöytä\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 11:19:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sipa\Työpöytä\OTL.exe [2011.04.22 11:13:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011.04.22 11:13:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.21 20:58:05 | 004,550,656 | ---- | M] () -- C:\Documents and Settings\Sipa\ntuser.dat [2011.04.21 20:58:05 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sipa\ntuser.ini [2011.04.21 20:40:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-839522115-1004UA.job [2011.04.21 19:50:45 | 034,161,834 | -H-- | M] () -- C:\Documents and Settings\Sipa\Local Settings\Application Data\IconCache.db [2011.04.21 19:30:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2011.04.21 19:30:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.04.21 19:27:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011.04.21 14:25:34 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\HiJackThis.lnk [2011.04.21 12:40:00 | 000,001,032 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-839522115-1004Core.job [2011.04.18 19:59:20 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sipa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 15:25:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.18 15:15:50 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sipa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011.04.18 15:15:50 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Mozilla Firefox.lnk [2011.04.16 17:09:09 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\Microsoft Word.lnk [2011.04.15 08:51:24 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.15 00:21:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.04.07 16:41:31 | 000,143,206 | -H-- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\album.php.htm [2011.04.05 16:17:43 | 000,035,579 | -H-- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\Terveyden edistäminen klk 2011.odt [2011.04.05 10:52:54 | 000,027,384 | -H-- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\AIKAS15 oikea.odt [2011.04.02 17:26:43 | 000,027,647 | -H-- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\AIKAS15.odt [2011.03.27 14:40:37 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Sipa\Työpöytä\Google Chrome.lnk [2011.03.27 14:40:37 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Sipa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011.03.27 09:20:59 | 000,690,576 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011.03.27 09:20:59 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.03.27 09:20:59 | 000,283,356 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat [2011.03.27 09:20:59 | 000,048,660 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat [2011.03.27 09:20:59 | 000,040,128 | ---- | 
M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\Sipa\Omat tiedostot\*.tmp files -> C:\Documents and Settings\Sipa\Omat tiedostot\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sipa\Työpöytä\*.tmp files -> C:\Documents and Settings\Sipa\Työpöytä\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 19:27:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011.04.21 19:27:38 | 000,260,352 | RHS- | C] () -- C:\cmldr [2011.04.21 14:15:21 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Sipa\Työpöytä\HiJackThis.lnk [2011.04.18 15:15:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Mozilla Firefox.lnk [2011.04.17 11:57:23 | 004,550,656 | ---- | C] () -- C:\Documents and Settings\Sipa\ntuser.dat [2011.04.07 16:41:30 | 000,143,206 | -H-- | C] () -- C:\Documents and Settings\Sipa\Työpöytä\album.php.htm [2011.04.05 15:02:02 | 000,035,579 | -H-- | C] () -- C:\Documents and Settings\Sipa\Työpöytä\Terveyden edistäminen klk 2011.odt [2011.04.05 10:52:54 | 000,027,384 | -H-- | C] () -- C:\Documents and Settings\Sipa\Työpöytä\AIKAS15 oikea.odt [2011.04.02 15:30:50 | 000,027,647 | -H-- | C] () -- C:\Documents and Settings\Sipa\Työpöytä\AIKAS15.odt [2010.11.07 19:38:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.07.27 11:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2010.07.27 11:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2010.07.27 11:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2010.07.27 10:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010.07.20 11:05:30 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sipa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 22:23:41 | 001,774,720 | ---- | 
C] () -- C:\WINDOWS\System32\BootMan.exe [2010.07.05 22:23:41 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2010.07.05 22:23:41 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010.07.05 22:23:41 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2010.07.05 22:23:41 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.09.13 15:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.09.06 18:44:17 | 000,690,576 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.09.06 18:44:16 | 000,004,381 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.09.06 18:41:16 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.09.06 12:27:48 | 000,000,413 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.09.06 12:13:47 | 000,024,840 | -H-- | C] () -- C:\Documents and Settings\Sipa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009.09.06 11:03:06 | 034,161,834 | -H-- | C] () -- C:\Documents and Settings\Sipa\Local Settings\Application Data\IconCache.db [2009.09.06 11:01:53 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll [2009.09.06 10:57:33 | 000,019,926 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009.09.06 10:57:16 | 000,019,609 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.09.06 10:57:14 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009.09.06 10:57:02 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.09.06 10:51:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.09.06 10:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2009.09.06 10:49:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2009.09.06 10:49:55 | 000,000,749 | RH-- | C] () -- 
C:\WINDOWS\System32\cdplayer.exe.manifest [2009.09.06 10:48:38 | 000,021,672 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.09.06 10:48:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2009.09.06 10:48:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2009.09.06 10:47:48 | 000,026,181 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2009.09.06 10:47:47 | 000,003,836 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2004.09.15 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.09.15 15:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2004.09.15 15:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004.09.15 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.09.15 15:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2004.09.15 15:00:00 | 000,311,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.09.15 15:00:00 | 000,283,356 | ---- | C] () -- C:\WINDOWS\System32\perfh00B.dat [2004.09.15 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.09.15 15:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004.09.15 15:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2004.09.15 15:00:00 | 000,243,832 | ---- | C] () -- C:\WINDOWS\System32\perfi00B.dat [2004.09.15 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.09.15 15:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2004.09.15 15:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004.09.15 15:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2004.09.15 15:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004.09.15 15:00:00 | 000,070,270 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2004.09.15 15:00:00 | 000,053,904 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2004.09.15 15:00:00 
| 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004.09.15 15:00:00 | 000,051,096 | ---- | C] () -- C:\WINDOWS\System32\command.com [2004.09.15 15:00:00 | 000,048,660 | ---- | C] () -- C:\WINDOWS\System32\perfc00B.dat [2004.09.15 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.09.15 15:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2004.09.15 15:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004.09.15 15:00:00 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.09.15 15:00:00 | 000,039,322 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2004.09.15 15:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004.09.15 15:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004.09.15 15:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004.09.15 15:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004.09.15 15:00:00 | 000,034,270 | ---- | C] () -- C:\WINDOWS\System32\perfd00B.dat [2004.09.15 15:00:00 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004.09.15 15:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2004.09.15 15:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2004.09.15 15:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2004.09.15 15:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2004.09.15 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.09.15 15:00:00 | 000,027,882 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2004.09.15 15:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2004.09.15 15:00:00 | 000,020,730 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2004.09.15 15:00:00 | 000,019,758 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2004.09.15 15:00:00 | 000,015,536 | ---- | C] () -- 
C:\WINDOWS\System32\rsvp.ini [2004.09.15 15:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2004.09.15 15:00:00 | 000,014,766 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2004.09.15 15:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004.09.15 15:00:00 | 000,013,727 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2004.09.15 15:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2004.09.15 15:00:00 | 000,012,706 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2004.09.15 15:00:00 | 000,012,562 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2004.09.15 15:00:00 | 000,011,717 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2004.09.15 15:00:00 | 000,009,026 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2004.09.15 15:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2004.09.15 15:00:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2004.09.15 15:00:00 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2004.09.15 15:00:00 | 000,004,848 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2004.09.15 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.09.15 15:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.09.15 15:00:00 | 000,003,340 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2004.09.15 15:00:00 | 000,003,041 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2004.09.15 15:00:00 | 000,002,920 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2004.09.15 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.09.15 15:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2004.09.15 15:00:00 | 000,001,258 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2004.09.15 15:00:00 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2004.09.15 15:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2004.09.15 15:00:00 | 000,000,882 | ---- | 
C] () -- C:\WINDOWS\System32\fastopen.exe [2004.09.15 15:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2004.09.15 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.09.15 15:00:00 | 000,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2004.09.15 15:00:00 | 000,000,344 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2004.09.15 15:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2002.10.16 01:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2001.10.05 19:31:54 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001.10.05 19:31:34 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.07.11 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2009.09.26 09:24:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010.09.22 17:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Net [2011.01.01 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum [2011.01.01 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saunalahti [2010.07.11 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\Babylon [2010.09.15 20:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\Canon [2010.09.22 17:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\DAEMON Tools Net [2011.03.01 15:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\ImgBurn [2010.07.19 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\IObit [2010.09.22 17:16:34 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Sipa\Application Data\Leadertech [2010.07.05 12:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\OpenOffice.org [2010.08.02 17:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\Printer Info Cache [2011.02.07 02:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\StreamTorrent [2011.04.18 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sipa\Application Data\uTorrent ========== Purity Check ========== < End of report > Extras.Txt: OTL Extras logfile created on: 22.4.2011 11:21:21 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sipa\Työpöytä Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 59,22 Gb Free Space | 60,64% Space Free | Partition Type: NTFS Drive E: | 244,14 Gb Total Space | 237,51 Gb Free Space | 97,28% Space Free | Partition Type: NTFS Drive F: | 254,36 Gb Total Space | 252,01 Gb Free Space | 99,07% Space Free | Partition Type: NTFS Computer Name: COREDUO | User Name: Sipa | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\Program Files\Logitech\Vid\Vid.exe" = E:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040B-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464157E0-100C-4747-A5EC-50AA534C031C}" = Saunalahti Software Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1035-7B44-A94000000001}" = Adobe Reader 9.4.0 - Suomi
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B22806DA-C1BF-43AE-8B23-BF0BF2B6AC1E}" = Saunalahti Avustaja
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE7CD87D-BC9E-4350-9A8E-2EF4A65A2437}" = OpenOffice.org 3.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"DivX Setup.divx.com" = DivX Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.0.1 Home Edition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Ohjelmistoalustan laitehallinta
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0 (x86 fi)" = Mozilla Firefox 4.0 (x86 fi)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SopCast" = SopCast 3.2.8
"Tappio" = Tappio-kirjanpito
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.1.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"VobSub" = VobSub v2.23 (Remove Only)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1957994488-413027322-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.4.2011 7:46:52 | Computer Name = COREDUO | Source = VSS | ID = 12289
Description = Aseman tilannevedospalvelun virhe: Odottamaton virhe CreateFileW(\\?\Volume{a13cd0f5-9afa-11de-83ed-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005.
Error - 18.4.2011 7:47:19 | Computer Name = COREDUO | Source = VSS | ID = 5013 Description = Aseman tilannevedospalvelun virhe: Tilannevedoksen tallentaja RemovableStorageManager kutsui toimintoa OpenNtmsSessionW, joka epäonnistui, tila: 0x80070015 (muunnettu: 0x800423f3). Error - 18.4.2011 7:47:32 | Computer Name = COREDUO | Source = VSS | ID = 12289 Description = Aseman tilannevedospalvelun virhe: Odottamaton virhe CreateFileW(\\?\Volume{a13cd0f5-9afa-11de-83ed-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005. Error - 18.4.2011 7:47:57 | Computer Name = COREDUO | Source = VSS | ID = 5013 Description = Aseman tilannevedospalvelun virhe: Tilannevedoksen tallentaja RemovableStorageManager kutsui toimintoa OpenNtmsSessionW, joka epäonnistui, tila: 0x80070015 (muunnettu: 0x800423f3). Error - 18.4.2011 7:50:41 | Computer Name = COREDUO | Source = VSS | ID = 12289 Description = Aseman tilannevedospalvelun virhe: Odottamaton virhe CreateFileW(\\?\Volume{a13cd0f5-9afa-11de-83ed-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005. Error - 18.4.2011 7:51:09 | Computer Name = COREDUO | Source = VSS | ID = 5013 Description = Aseman tilannevedospalvelun virhe: Tilannevedoksen tallentaja RemovableStorageManager kutsui toimintoa OpenNtmsSessionW, joka epäonnistui, tila: 0x80070015 (muunnettu: 0x800423f3). Error - 18.4.2011 8:14:56 | Computer Name = COREDUO | Source = VSS | ID = 12289 Description = Aseman tilannevedospalvelun virhe: Odottamaton virhe CreateFileW(\\?\Volume{a13cd0f5-9afa-11de-83ed-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005. Error - 18.4.2011 8:15:23 | Computer Name = COREDUO | Source = VSS | ID = 5013 Description = Aseman tilannevedospalvelun virhe: Tilannevedoksen tallentaja RemovableStorageManager kutsui toimintoa OpenNtmsSessionW, joka epäonnistui, tila: 0x80070015 (muunnettu: 0x800423f3). 
Error - 18.4.2011 8:30:09 | Computer Name = COREDUO | Source = VSS | ID = 12289 Description = Aseman tilannevedospalvelun virhe: Odottamaton virhe CreateFileW(\\?\Volume{a13cd0f5-9afa-11de-83ed-806d6172696f},0xc0000000,0x00000003,...). hr = 0x80070005. Error - 18.4.2011 8:30:37 | Computer Name = COREDUO | Source = VSS | ID = 5013 Description = Aseman tilannevedospalvelun virhe: Tilannevedoksen tallentaja RemovableStorageManager kutsui toimintoa OpenNtmsSessionW, joka epäonnistui, tila: 0x80070015 (muunnettu: 0x800423f3). [ System Events ] Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 18.4.2011 9:12:19 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7023 Description = Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Error - 21.4.2011 12:14:06 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7034 Description = Palvelu Process Monitor lopetti yllättäen toimintansa. 
Se on tehnyt näin jo 1 kertaa. Error - 21.4.2011 12:28:09 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7034 Description = Palvelu Process Monitor lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa. Error - 22.4.2011 4:18:33 | Computer Name = COREDUO | Source = Service Control Manager | ID = 7034 Description = Palvelu Process Monitor lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa. < End of report >
I deleted the adv folder entirely; let's see whether that fixes the problem. Quite strange in itself, because this has not happened before, and SopCast is streaming software that I have been using for over a year now. This virus did not even originally come through SopCast, but from a website where I was streaming via DivX. Well, so that ComboFix apparently found something suspicious.
Indeed!!! ComboFix found, deleted and repaired:

Code:
((((((((((((((((((((( Muut poistot ))))))))))))))))))
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
Saastunut kopio tiedostosta c:\windows\system32\drivers\volsnap.sys löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - Kitty had a snack :p

*.job => a scheduled task (it has been launching something inappropriate)

This => c:\windows\system32\drivers\volsnap.sys is one of the Windows operating system's files, but a virus had infected it. ComboFix deleted it and replaced it with a healthy copy. On XP even a healthy file can become infected.

This => SopCast.exe can be checked at Jotti to see whether it is clean.

-----------------------------------------------------

Copy everything in the box below to the clipboard. (Ctrl+C)

Code:
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8D03DB51-DA47-46a9-8F14-53ABE84263F5}:1.0
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
:commands
[EMPTYTEMP]
[EMPTYFLASH]

Start the OTL.EXE program. (On Vista / 7, right-click it and run it as administrator.)
Paste the text from the clipboard into OTL's white box (Custom Scans/Fixes).
Then press the Run Fix button.
Finally it asks to restart the computer => OK
The log opens in Notepad, from which you copy it into your post.
This time there will be no Extra.txt log.

*********************************************************************

Code:
What is the situation on the machine? Does it work ??? :)
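A fix script like the one posted above can be read entry by entry before it is pasted into a removal tool. The following is an added example, not part of the original thread and not OTL's own code: it parses the layout visible in the post (a `:OTL` section of log lines, a `:commands` section of bracketed commands) and separates entries that carry a "not found" marker from entries without one. The function names, the marker list and the abridged sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the fix script from the post, one entry per line (abridged).
SCRIPT = r"""
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8D03DB51-DA47-46a9-8F14-53ABE84263F5}:1.0
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1957994488-413027322-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
:commands
[EMPTYTEMP]
[EMPTYFLASH]
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: these markers, as printed in this page's logs, mean the target is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "(no file)")

def parse_fix_script(text):
    """Return {section: [entry, ...]} for a fix script laid out as in the post."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):                      # directive, e.g. :OTL
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section directive: {line!r}")
        elif line.startswith("[") and line.endswith("]"):
            sections[current].append({"kind": "command", "name": line[1:-1]})
        else:
            guid = GUID.search(line)
            sections[current].append({
                "kind": line.split(" - ", 1)[0],      # "FF", "O2", "O3", ...
                "guid": guid.group(0).upper() if guid else None,
                "orphan": any(m in line for m in ORPHAN_MARKERS),
            })
    return sections

def review(text):
    """Split a script into (unmarked entries, orphaned entries, command names)."""
    items = [e for sec in parse_fix_script(text).values() for e in sec]
    live = [e for e in items if e["kind"] != "command" and not e["orphan"]]
    orphaned = [e for e in items if e["kind"] != "command" and e["orphan"]]
    return live, orphaned, [e["name"] for e in items if e["kind"] == "command"]

if __name__ == "__main__":
    live, orphaned, commands = review(SCRIPT)
    print(len(live), "unmarked,", len(orphaned), "orphaned, commands:", commands)
```

Entries in the first group are the ones to look up before running the fix, since nothing in the script itself says their target is already missing.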