Googlen linkit uudelleenohjautuvat Googleen

Hei, minulla on koneessa sellainen ongelma että kun googlen linkkiä klikkaa, yrittää selain ensin avata linkin sivua mutta sen jälkeen mennään vain takaisin googlen etusivulle. Voi olla että linkkiä täytyy klikata esimerkiksi neljä kertaa ennen kuin oikea linkki avautuu.

Olen myös huomannut että kun Excelissä siirtää solun toiseen kohtaan, tulee välillä ilmoitus "Leikepöytää ei voida tyhjentää koska toinen ohjelma käyttää sitä". Välittömästi tämän jälkeen solun siirto taas onnistuu kunnes kohta taas sama ilmoitus.

Liitteenä on hjt-logi, itse en siitä ymmärrä tuon taivaallista mutta osaisiko joku kertoa onko tuolla jotain roskaa?

Logfile of HijackThis v1.99.1
Scan saved at 12:16:11, on 18.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] Disable_By_C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] Disable_By_C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] Disable_By_C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] Disable_By_C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] Disable_By_"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] Disable_By_"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] Disable_By_C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mxomssmenu] Disable_By_"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PaperCut NG Client] Disable_By_"C:\Program Files\PaperCut NG Client\pc-client.exe" /silent
O4 - HKLM\..\Run: [BCSSync] Disable_By_"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] Disable_By_"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - Startup: Microsoft Outlook 2010.lnk = ?
O4 - Startup: Pikakuvake PISTE.lnk = VISIO3\PISTE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Läh&etä OneNoteen - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.tekla.com/go/webviewer/steel/dll/zkitlib.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136640514052
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sonera-ssl.webex.com/client/T27L10NSP11EP11/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAVO.FI
O17 - HKLM\Software\..\Telephony: DomainName = PAVO.FI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PAVO.FI
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DraftSight API Service - Unknown owner - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (file missing)
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SQL Server (HLP) (MSSQL$HLP) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sHLP (file missing)
O23 - Service: SQL Server (PSSOFTWARE) (MSSQL$PSSOFTWARE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPSSOFTWARE (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

.
Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa (7) Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

Google Toolbar
Google Toolbar Helper
Google Toolbar Notifie

-----------------------------------------------

Päivitä ja skannaa Malwarebytes' Anti-Malwarella

* Käynnistä Malwarebytes' Anti-Malware
* Klikkaa päivitys
* Tarkista päivitykset
* Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi.

Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.

---------------------------------

Poista ne rivit jotka ovat vielä jäljellä:

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut rivit
(HJT sammuttaa ohjelman ei poista)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] Disable_By_C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

sekä sammuta ne.(fix Chekked) napista.

----------------------------------------------------

Tyhjennä roskakori ja Käynnistä koneesi uudelleen.

Poista kansio/t, jos löytyy:
C:\Program Files\Google\Google Toolbar\
C:\Program Files\Google\GoogleToolbarNotifier\

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* Kopioi Malwarebytes' Anti-Malwaren Logitiedostot välilehdeltä uusin logi tänne.
*
* Mikä on tilanne ???
*

 

Kiitoksia paljon avusta. Nyt olen tehnyt ohjeen mukaan. Lisää/poista sovelluksella löytyi vain yksi Google Tolbar Helper (tai -Notifer) ja sen poiston jälkeen punaisella merkityistä löytyi alla olevat rivit. Alla myös Malwarebyte- ja hjt-logit. Ongelma ei ainakaan vielä kuitenkaan poistunut, edelleen linkit ohjautuvat Googleen. Selaimena käytän Firefoxia mutta sama ongelma on IE:ssa.

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O4 - HKLM\..\Run: [IgfxTray] Disable_By_C:\WINDOWS\System32\igfxtray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present



Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Tietokantaversio: v2012.12.21.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PASI :: PASIHP3000 [järjestelmänvalvoja]

21.12.2012 10:32:57
mbam-log-2012-12-21 (10-32-57).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 565068
Kulunut aika: 2 tunti(a), 15 minuutti(a), 55 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

Logfile of HijackThis v1.99.1
Scan saved at 13:15:15, on 21.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\hjt\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] Disable_By_C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] Disable_By_C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] Disable_By_C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] Disable_By_"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] Disable_By_"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] Disable_By_C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mxomssmenu] Disable_By_"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PaperCut NG Client] Disable_By_"C:\Program Files\PaperCut NG Client\pc-client.exe" /silent
O4 - HKLM\..\Run: [BCSSync] Disable_By_"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] Disable_By_"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - Startup: Microsoft Outlook 2010.lnk = ?
O4 - Startup: Pikakuvake PISTE.lnk = VISIO3\PISTE.EXE
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O8 - Extra context menu item: Läh&etä OneNoteen - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.tekla.com/go/webviewer/steel/dll/zkitlib.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136640514052
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sonera-ssl.webex.com/client/T27L10NSP11EP11/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAVO.FI
O17 - HKLM\Software\..\Telephony: DomainName = PAVO.FI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PAVO.FI
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DraftSight API Service - Unknown owner - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (file missing)
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SQL Server (HLP) (MSSQL$HLP) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sHLP (file missing)
O23 - Service: SQL Server (PSSOFTWARE) (MSSQL$PSSOFTWARE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPSSOFTWARE (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

Sorry, tuo uudelleenkäynnistys unohtui välissä.. ehdin siis käynnistää sekä Firefoxin että IE:n ennen uudelleenkäynnistystä, menikö homma uusiksi? Alla hjt-logi uudelleenkäynnistyksen jälkeen: (uudelleenohjautuvuus ei poistunut)

Logfile of HijackThis v1.99.1
Scan saved at 13:40:54, on 21.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\hjt\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] Disable_By_C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] Disable_By_C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] Disable_By_C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] Disable_By_"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] Disable_By_"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] Disable_By_C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mxomssmenu] Disable_By_"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [PaperCut NG Client] Disable_By_"C:\Program Files\PaperCut NG Client\pc-client.exe" /silent
O4 - HKLM\..\Run: [BCSSync] Disable_By_"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] Disable_By_"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - Startup: Microsoft Outlook 2010.lnk = ?
O4 - Startup: Pikakuvake PISTE.lnk = VISIO3\PISTE.EXE
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O8 - Extra context menu item: Läh&etä OneNoteen - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.tekla.com/go/webviewer/steel/dll/zkitlib.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136640514052
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sonera-ssl.webex.com/client/T27L10NSP11EP11/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAVO.FI
O17 - HKLM\Software\..\Telephony: DomainName = PAVO.FI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PAVO.FI
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DraftSight API Service - Unknown owner - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (file missing)
O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SQL Server (HLP) (MSSQL$HLP) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sHLP (file missing)
O23 - Service: SQL Server (PSSOFTWARE) (MSSQL$PSSOFTWARE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPSSOFTWARE (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

.
Kyllä tämä on oikein !!!

Viruksia sielläei näy.

------------------------

Putsataan selaimet =>

Lataa työpöydälle => AdwCleaner

Aja ohjema Hiiren oikealla näppäimellä painat ja valitset =>
Suorita Järjestelmänvalvojana

Paina => Search nappia.
Muistioon aukeaa sivu josta näet mitä poistetaan. (AdwCleaner[R1].txt)
Sammuta kaikki muut ohjelmat paitsi virustorjunta.

Paina Delete nappia ja => OK:ta niin kauankuin kone
käynnistää itsensä uudelleen.

Muistioon aukeaa nyt AdwCleaner[S1].txt tiedosto, jonka sisällön
kopioit vastaus viestiisi tänne.

 

Terve, nyt on edellisen ohjeen mukaiset toimet tehty ja alla pyytämäsi tiedoston sisältö:

# AdwCleaner v2.103 - Logfile created 12/27/2012 at 08:51:24
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : PASI - PASIHP3000
# Boot Mode : Normal
# Running from : C:\Documents and Settings\pasi\Työpöytä\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\504244733D18C8F63FF584AEB290E3904E791693
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (fi)

File : C:\Documents and Settings\valvomo\Application Data\Mozilla\Firefox\Profiles\j4tvsd4h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\pasi\Application Data\Mozilla\Firefox\Profiles\fyq5sv93.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\antti\Application Data\Mozilla\Firefox\Profiles\eobf95iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\pasi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2192 octets] - [27/12/2012 08:49:19]
AdwCleaner[S1].txt - [2149 octets] - [27/12/2012 08:51:24]

########## EOF - C:\AdwCleaner[S1].txt - [2209 octets] ##########

 

.
Avaa AdwCleaner ja klikkaa Uninstall-nappia. Seuraa ohjeita.

------------------------------------------------------------

Onko vielä ongelmia ???

 

Terve,

samalla tavalla uudelleenohjautuu Googleen. Yritin liittää kuvaruutukaappauksen selaimesta (jota en saanut liitettyä..) kun Googleen laitettu hakusanaksi "afterdawn" ja ehdotettua linkkiä klikattu avautumaan uuteen välilehteen. Vasta neljännellä klikkauksella meni oikeaan osoitteeseen.

 

.
Katsotaan josko löytäisimme syyllisen !!!

Lataa työpöydälle => TÄMÄ OTL.exe
* Sulje kaikki päälläolevat ikkunat ja sovellukset. (ei virustorjuntaa)
* XP:ssä Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n.
* Vista/7:ssa käynnistät OTL.exen = tee se hiiren oikealla napilla
ja valitset Suorita Järjestelmänvalvojana

* Laita siihen ruxit kuvan mukaan.



* Klikkaa Run Scan nappulaa.
* Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, tai alapalkkiin OTListIt.Txt ja Extras.txt

* Kopioi ja lähetä tiedostojen sisältö tänne.

 

No niin, muutamalta sivuilta löysin varmistuksen tuon OTL.EXE:n turvallisuudesta, ja alla listat. File Age -kohtaan laitoin kuitenkin 360 pv kun tämä ongelma on ollut jo jonkun aikaa olemassa, nyt vaan alkaa hihat palamaan Voin tehdä uusiksi 30 pv asetuksella mikäli sillä on merkitystä?


OTL logfile created on: 27.12.2012 13:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\pasi\Työpöytä
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: dd.MM.yyyy

1.49 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 48.69% Memory free
2.09 Gb Paging File | 1.34 Gb Available in Paging File | 64.36% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.34 Gb Free Space | 54.14% Space Free | Partition Type: NTFS
Drive J: | 68.33 Gb Total Space | 23.29 Gb Free Space | 34.08% Space Free | Partition Type: NTFS
Drive O: | 22.20 Gb Total Space | 1.46 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive R: | 410.10 Gb Total Space | 231.42 Gb Free Space | 56.43% Space Free | Partition Type: NTFS

Computer Name: PASIHP3000 | User Name: PASI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012.12.27 13:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pasi\Työpöytä\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 11:27:22 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.07.07 06:00:56 | 000,078,336 | ---- | M] (Dassault Systèmes) -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.05.16 14:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.22 12:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.04.22 12:50:28 | 000,142,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2008.04.14 18:12:23 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008.04.14 18:12:11 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2006.11.30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006.11.30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.11.17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006.11.17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.04.30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) -- C:\oracle\ora92\bin\omtsreco.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.07 06:01:36 | 002,623,408 | ---- | M] () -- C:\Program Files\Dassault Systemes\DraftSight\bin\QtCore4.dll
MOD - [2012.07.07 06:01:36 | 000,948,144 | ---- | M] () -- C:\Program Files\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
MOD - [2012.07.07 06:01:36 | 000,387,505 | ---- | M] () -- C:\Program Files\Dassault Systemes\DraftSight\bin\QtXml4.dll
MOD - [2012.05.16 14:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.05.16 14:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.05.16 14:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.05.16 14:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.05.16 14:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.05.16 14:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.05.16 14:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.05.16 14:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.05.16 14:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.05.16 14:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.05.16 14:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.05.16 14:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.05.16 14:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.05.16 14:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.05.16 14:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.05.16 14:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.05.16 14:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.05.16 14:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.05.16 12:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.05.16 12:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.05.16 12:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.04.14 18:11:39 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.07.12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006.11.30 07:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006.11.17 12:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006.11.17 12:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll
MOD - [2004.10.20 07:54:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\wintab32.dll
MOD - [2002.04.29 14:04:08 | 000,246,032 | ---- | M] () -- C:\oracle\ora92\bin\oratrace9.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.12.11 11:39:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\0mat ohjelmat\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.31 11:27:22 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.07 06:00:56 | 000,078,336 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.09.28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006.11.30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006.11.30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006.11.17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
SRV - [2002.04.30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002.04.26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2000.10.19 10:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (First)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.22 12:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.05.03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006.11.30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006.11.30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006.11.30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006.11.30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006.11.30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.11.30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2005.09.06 16:11:50 | 000,202,496 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2005.09.06 16:11:38 | 000,005,376 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2004.08.03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004.08.03 22:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004.08.03 22:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004.08.03 22:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004.08.03 22:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004.08.03 22:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004.08.03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.03 22:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004.08.03 22:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004.08.03 22:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004.04.29 20:55:42 | 000,186,112 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.02.04 10:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2003.11.06 11:12:20 | 000,014,936 | ---- | M] (X-Rite, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XrUsb.sys -- (X-Rite)
DRV - [2002.12.17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2002.04.04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001.08.17 20:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\SearchScopes,DefaultScope = {992C8ECC-A855-4932-BACA-3854A99DD1B0}
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\SearchScopes\{992C8ECC-A855-4932-BACA-3854A99DD1B0}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGLR_fiFI391
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.fi"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.11 11:40:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.11 11:39:38 | 000,000,000 | ---D | M]

[2008.09.08 11:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pasi\Application Data\Mozilla\Extensions
[2012.12.18 11:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pasi\Application Data\Mozilla\Firefox\Profiles\fyq5sv93.default\extensions
[2012.12.18 11:29:59 | 000,532,971 | ---- | M] () (No name found) -- C:\Documents and Settings\pasi\Application Data\Mozilla\Firefox\Profiles\fyq5sv93.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 11:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.11 11:40:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.02 10:00:36 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011.11.02 10:00:36 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011.11.02 10:00:42 | 000,046,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.11.02 10:00:46 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2012.10.09 12:00:30 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.09.05 09:00:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.11 11:39:57 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2011.07.05 14:09:01 | 000,001,069 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons-fi.xml
[2012.12.11 11:39:57 | 000,001,185 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fi.xml
[2011.07.05 14:09:01 | 000,002,677 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\huuto-fi.xml
[2012.12.11 11:39:57 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.12.11 11:39:57 | 000,001,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2003.04.25 04:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] Disable_By_C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [BCSSync] Disable_By_"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices File not found
O4 - HKLM..\Run: [HotKeysCmds] Disable_By_C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] Disable_By_"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey File not found
O4 - HKLM..\Run: [mxomssmenu] Disable_By_"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" File not found
O4 - HKLM..\Run: [PaperCut NG Client] Disable_By_"C:\Program Files\PaperCut NG Client\pc-client.exe" /silent File not found
O4 - HKLM..\Run: [SetRefresh] Disable_By_C:\Program Files\Compaq\SetRefresh\SetRefresh.exe File not found
O4 - HKLM..\Run: [ShStatEXE] Disable_By_"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE File not found
O4 - HKLM..\Run: [Smapp] Disable_By_C:\Program Files\Analog Devices\SoundMAX\SMTray.exe File not found
O4 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195..\Run: [updateMgr] Disable_By_"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - Startup: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe (Monaco Systems)
O4 - Startup: C:\Documents and Settings\pasi\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Outlook 2010.lnk = C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Documents and Settings\pasi\Käynnistä-valikko\Ohjelmat\Käynnistys\Pikakuvake PISTE.lnk = \\Atjserver2\visio3\VISIO3\PISTE.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Läh&etä OneNoteen - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: V&ie Microsoft Exceliin - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..Trusted Domains: blc.fi ([karttatieto] http in Paikallinen intranet)
O15 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..Trusted Domains: spy.fi ([karttatieto] http in Paikallinen intranet)
O15 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..Trusted Ranges: Range1 ([http] in Paikallinen intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} http://www.tekla.com/go/webviewer/steel/dll/zkitlib.dll (Web Viewer Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136640514052 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP! Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sonera-ssl.webex.com/client/T27L10NSP11EP11/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.14 192.168.20.12 193.210.19.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PAVO.FI
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA9F63E-445C-4548-AFF2-3D154679E43A}: DhcpNameServer = 192.168.20.14 192.168.20.12 193.210.19.19
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\pasi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\pasi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29e145ca-ab9e-11db-9daf-001185144c0a}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{97afebdd-21ce-11df-a163-001185144c0a}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{c9bfd9aa-ebe8-11df-a208-001185144c0a}\Shell - "" = AutoRun
O33 - MountPoints2\{c9bfd9aa-ebe8-11df-a208-001185144c0a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012.12.27 13:21:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pasi\Työpöytä\OTL.exe
[2012.12.18 12:14:20 | 000,000,000 | ---D | C] -- C:\hjt
[2012.12.11 11:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.18 10:59:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pasi\Omat tiedostot\Omat musiikkitiedostot
[2012.10.03 11:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Local Settings\Application Data\Dassault Systemes
[2012.09.03 06:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Local Settings\Application Data\Sun
[2012.08.31 11:27:51 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.08.31 11:27:51 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.31 11:27:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.08.31 11:27:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.08.31 11:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Java Web Start
[2012.08.31 11:22:10 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.23 06:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Google Chrome
[2012.08.16 12:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Application Data\Malwarebytes
[2012.08.16 12:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.08.16 12:00:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.03 06:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Omat tiedostot\Nokia Suite
[2012.08.03 06:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Nokia
[2012.08.03 06:23:16 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012.08.03 06:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.08.03 06:22:42 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2012.08.03 06:22:40 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2012.08.03 06:22:38 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012.08.03 06:22:37 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012.08.03 06:22:35 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012.08.03 06:22:34 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012.08.02 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.08.02 13:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012.07.24 06:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Application Data\IMSIDesign
[2012.07.20 12:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Local Settings\Application Data\CrashRpt
[2012.07.20 12:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Dassault Systemes
[2012.07.20 12:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Application Data\DraftSight
[2012.07.20 12:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2012.07.20 12:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dassault Systemes
[2012.07.17 08:49:08 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.17 08:49:07 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.06.25 06:07:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pasi\Omat tiedostot\Omat videotiedostot
[2012.06.25 06:07:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pasi\Omat tiedostot\Omat kuvatiedostot
[2012.06.07 13:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Omat tiedostot\Lataukset
[2012.04.25 14:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 14:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.17 14:19:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pasi\Recent
[2012.03.26 06:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 15:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pasi\Local Settings\Application Data\PackageAware
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pasi\*.tmp files -> C:\Documents and Settings\pasi\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012.12.27 13:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pasi\Työpöytä\OTL.exe
[2012.12.27 13:10:48 | 000,170,415 | ---- | M] () -- C:\nimetön.JPG
[2012.12.27 12:36:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 08:57:18 | 000,554,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.27 08:57:18 | 000,530,196 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2012.12.27 08:57:18 | 000,130,306 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2012.12.27 08:57:17 | 000,114,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.27 08:54:00 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\pasi\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Outlook 2010.lnk
[2012.12.27 08:53:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.27 08:53:08 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 08:52:50 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\KAXVQHHXKV.job
[2012.12.27 08:52:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.27 08:52:44 | 1601,703,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 08:47:32 | 000,550,017 | ---- | M] () -- C:\Documents and Settings\pasi\Työpöytä\adwcleaner.exe
[2012.12.27 07:31:18 | 000,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.21 13:13:52 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\pasi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.21 13:02:35 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\pasi\Työpöytä\Word 2010.lnk
[2012.12.21 07:06:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.18 15:27:38 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\DraftSight.lnk
[2012.12.18 11:50:14 | 000,050,021 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\Toisenlainen Lahja -tilausvahvistus - Toisenlainen Lahja.pdf
[2012.12.17 08:49:28 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\pasi\Työpöytä\Vikatilasto.lnk
[2012.12.17 08:46:31 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\pasi\Työpöytä\Excel 2010.lnk
[2012.12.16 14:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 14:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.14 07:41:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Google Chrome.lnk
[2012.12.14 07:17:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.13 14:45:35 | 000,008,325 | ---- | M] () -- C:\WINDOWS\PASI8.xlb
[2012.12.05 07:56:36 | 002,261,721 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\Elokuva.wmv
[2012.12.05 07:35:38 | 002,945,091 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7906.jpg
[2012.12.04 18:13:35 | 038,204,248 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\MVI_7905.avi
[2012.11.26 12:14:28 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ABBDOC.INI
[2012.11.21 15:24:43 | 000,047,063 | ---- | M] () -- C:\111423_5626.pdf
[2012.11.02 12:08:44 | 000,653,469 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\Pylväskoura.JPG
[2012.11.02 08:39:52 | 000,182,634 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\Voiman.bmp
[2012.10.19 06:29:49 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.19 06:29:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.15 08:40:13 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\pasi\Työpöytä\Tuntisyöttö.url
[2012.10.03 09:00:19 | 000,086,792 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\1-iv2016rv-xl.jpg
[2012.10.03 08:04:20 | 000,680,873 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco5.JPG
[2012.10.03 08:03:48 | 000,677,079 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco4.JPG
[2012.10.03 08:02:13 | 000,673,796 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco3.JPG
[2012.10.03 07:07:15 | 000,660,952 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco2.JPG
[2012.10.03 06:51:12 | 000,646,608 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco1.JPG
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.27 10:45:36 | 002,509,936 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7781.jpg
[2012.09.27 08:12:08 | 003,255,430 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7780.jpg
[2012.09.26 13:44:10 | 002,741,075 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7777.jpg
[2012.09.26 13:43:50 | 003,101,900 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7776.jpg
[2012.09.26 13:43:04 | 002,972,793 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7775.jpg
[2012.09.14 08:13:37 | 002,960,102 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7678.jpg
[2012.09.12 07:08:34 | 000,197,784 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\2012-09-08-018.jpg
[2012.09.12 07:08:32 | 000,177,458 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7667.jpg
[2012.09.10 07:12:14 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\PiLu.lnk
[2012.09.10 06:58:01 | 000,000,478 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012.09.05 08:25:16 | 000,026,179 | ---- | M] () -- C:\Documents and Settings\pasi\Omat tiedostot\12.09.05 Muovisinetti.pdf
[2012.08.31 11:27:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.08.31 11:27:21 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.08.31 11:27:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.08.31 11:27:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.08.31 11:27:20 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.31 11:27:19 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.31 11:27:19 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.08.31 11:26:37 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Java Web Start.lnk
[2012.08.27 11:51:13 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.08.08 11:11:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012.08.03 06:27:22 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Nokia Suite.lnk
[2012.07.20 12:29:58 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\DraftSight.lnk
[2012.04.22 12:51:38 | 000,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012.04.17 14:11:22 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\CCleaner.lnk
[2012.04.13 12:18:27 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Varmuuskopiointi.lnk
[2012.04.13 06:19:30 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012.03.22 13:17:23 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\mshtmledl.dll
[2012.01.11 21:06:50 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.11 21:06:50 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.01.09 16:28:20 | 000,605,696 | ---- | M] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2012.01.09 16:28:20 | 000,123,904 | ---- | M] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012.01.09 16:28:20 | 000,075,264 | ---- | M] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pasi\*.tmp files -> C:\Documents and Settings\pasi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.27 13:10:48 | 000,170,415 | ---- | C] () -- C:\nimetön.JPG
[2012.12.27 08:47:14 | 000,550,017 | ---- | C] () -- C:\Documents and Settings\pasi\Työpöytä\adwcleaner.exe
[2012.12.18 11:50:11 | 000,050,021 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\Toisenlainen Lahja -tilausvahvistus - Toisenlainen Lahja.pdf
[2012.12.05 07:56:08 | 002,261,721 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\Elokuva.wmv
[2012.12.05 07:35:38 | 002,945,091 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7906.jpg
[2012.12.04 18:13:35 | 038,204,248 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\MVI_7905.avi
[2012.11.26 12:14:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ABBDOC.INI
[2012.11.21 15:24:42 | 000,047,063 | ---- | C] () -- C:\111423_5626.pdf
[2012.11.02 12:08:44 | 000,653,469 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\Pylväskoura.JPG
[2012.11.02 08:39:52 | 000,182,634 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\Voiman.bmp
[2012.10.03 09:00:18 | 000,086,792 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\1-iv2016rv-xl.jpg
[2012.10.03 07:40:20 | 000,680,873 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco5.JPG
[2012.10.03 07:33:03 | 000,677,079 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco4.JPG
[2012.10.03 07:13:59 | 000,673,796 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco3.JPG
[2012.10.03 07:03:09 | 000,660,952 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco2.JPG
[2012.10.03 06:51:11 | 000,646,608 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\iveco1.JPG
[2012.09.27 10:45:36 | 002,509,936 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7781.jpg
[2012.09.27 08:12:08 | 003,255,430 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7780.jpg
[2012.09.26 13:44:10 | 002,741,075 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7777.jpg
[2012.09.26 13:43:50 | 003,101,900 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7776.jpg
[2012.09.26 13:43:04 | 002,972,793 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7775.jpg
[2012.09.14 08:13:37 | 002,960,102 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7678.jpg
[2012.09.12 07:05:23 | 000,197,784 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\2012-09-08-018.jpg
[2012.09.10 18:46:56 | 000,177,458 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\IMG_7667.jpg
[2012.09.05 08:25:13 | 000,026,179 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\12.09.05 Muovisinetti.pdf
[2012.08.31 11:26:37 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Java Web Start.lnk
[2012.08.23 06:43:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Google Chrome.lnk
[2012.08.23 06:43:22 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.08.08 11:11:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012.08.03 06:27:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\Nokia Suite.lnk
[2012.07.20 12:29:58 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\All Users\Työpöytä\DraftSight.lnk
[2012.07.20 12:29:58 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\pasi\Application Data\Microsoft\Internet Explorer\Quick Launch\DraftSight.lnk
[2012.07.18 12:04:39 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\pasi\Omat tiedostot\PiLu.lnk
[2012.05.15 06:06:03 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.03.22 13:17:23 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\mshtmledl.dll
[2012.03.22 13:17:23 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\KAXVQHHXKV.job
[2012.02.15 07:07:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 07:07:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011.06.09 06:59:50 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\Db_wmf32.dll
[2011.01.11 12:04:54 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\pasi\.recently-used.xbel
[2009.06.12 12:50:32 | 000,000,998 | RHS- | C] () -- C:\Documents and Settings\pasi\ntuser.pol
[2007.02.22 12:57:37 | 000,011,240 | ---- | C] () -- C:\Documents and Settings\pasi\MSACAL.EXD
[2007.01.09 16:00:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\pasi\PUTTY.RND
[2006.03.16 14:11:57 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\pasi\Local Settings\Application Data\fusioncache.dat
[2006.02.04 01:10:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.01.12 10:20:55 | 000,015,428 | ---- | C] () -- C:\Documents and Settings\pasi\RefEdit.EXD
[2005.06.16 11:05:01 | 000,003,654 | ---- | C] () -- C:\Program Files\NaviPres.prf
[2005.06.16 11:03:46 | 000,468,034 | ---- | C] () -- C:\Program Files\DICTION.SPL
[2005.06.16 11:03:46 | 000,391,680 | ---- | C] () -- C:\Program Files\xnmba455.dll
[2005.06.16 11:03:46 | 000,089,088 | ---- | C] () -- C:\Program Files\xnmhb455.dll
[2005.06.16 11:03:46 | 000,069,120 | ---- | C] () -- C:\Program Files\xnmte455.dll
[2005.06.16 11:03:46 | 000,028,160 | ---- | C] () -- C:\Program Files\xnmhn455.dll
[2005.04.08 14:35:11 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\pasi\.jalbum-recent-projects.properties
[2004.10.19 13:47:56 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\pasi\excel.box
[2004.10.13 11:53:39 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\pasi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.10.11 11:45:58 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2004.10.11 11:22:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 18:11:45 | 001,498,624 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:54:17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 18:11:56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >





OTL Extras logfile created on: 27.12.2012 13:24:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\pasi\Työpöytä
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: dd.MM.yyyy

1.49 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 48.69% Memory free
2.09 Gb Paging File | 1.34 Gb Available in Paging File | 64.36% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 40.34 Gb Free Space | 54.14% Space Free | Partition Type: NTFS
Drive J: | 68.33 Gb Total Space | 23.29 Gb Free Space | 34.08% Space Free | Partition Type: NTFS
Drive O: | 22.20 Gb Total Space | 1.46 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive R: | 410.10 Gb Total Space | 231.42 Gb Free Space | 56.43% Space Free | Partition Type: NTFS

Computer Name: PASIHP3000 | User Name: PASI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1078081533-1614895754-839522115-1195\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"55945:TCP" = 55945:TCP:*:Enabled:Windows Core Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AtomFTP\AtomFTP.exe" = C:\Program Files\AtomFTP\AtomFTP.exe:*:Enabled:AtomFTP - http://pelu.jns.fi/~akarttun/atomftp
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:EnabledowerCinema
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Resurssienhallinta -- (Microsoft Corporation)
"C:\Documents and Settings\pasi\Local Settings\Temp\OraInstall2008-02-19_07-20-33AM\jre\1.4.2\bin\java.exe" = C:\Documents and Settings\pasi\Local Settings\Temp\OraInstall2008-02-19_07-20-33AM\jre\1.4.2\bin\java.exe:*:Enabled:java
"C:\Documents and Settings\pasi\Local Settings\Temp\OraInstall2008-02-19_07-50-54AM\jre\1.4.2\bin\java.exe" = C:\Documents and Settings\pasi\Local Settings\Temp\OraInstall2008-02-19_07-50-54AM\jre\1.4.2\bin\java.exe:*:Enabled:java
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dllhost.exe" = C:\WINDOWS\system32\dllhost.exe:*:Enabled:COM Surrogate -- (Microsoft Corporation)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\administrator\Local Settings\Temp\OraInstall2011-02-10_07-39-48AM\jdk\jre\bin\java.exe" = C:\Documents and Settings\administrator\Local Settings\Temp\OraInstall2011-02-10_07-39-48AM\jdk\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*isabled:Nokia Service Layer Host Process
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*isabled:Nokia Ovi Suite

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0836C2CD-3695-40CA-9491-4CB1C697FF84}" = Microsoft .NET Framework 3.0 Finnish Language Pack
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BE48B0B-0155-47A3-BE37-AD39CF070DCA}" = Mshtml
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2108A279-C637-494F-9FEC-48F65D366191}" = ABB ProSoft4
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (PSSOFTWARE)
"{2DE09465-158D-4C6F-BF7D-4BD832AA04C0}" = .NET Framework Machine Code Access Security Policy
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
"{308017E2-D87C-4101-90C8-6DA7D2613824}" = Maxtor Manager
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{37A66801-EEA6-4100-B131-C998A7C26E21}" = .NET Framework Machine Code Access Security Policy
"{3A3585B2-6038-47C0-B334-33D8065DF2F5}" = .NET Framework Machine Code Access Security Policy
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4538A1AF-6894-4F10-ABDA-6CB9E6ACF8B6}" = Microsoft .NET Framework 1.1 Finnish Language Pack
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6B0A882B-3AB7-45FE-B1E1-9A832413D699}" = MonacoOPTIX 2.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (HLP)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8EBF1B19-7756-42E5-A663-93ACB1D1FEA8}" = DraftSight
"{90140000-0010-040B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Finnish) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Finnish) 2010
"{90140000-0015-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Finnish) 2010
"{90140000-0016-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Finnish) 2010
"{90140000-0018-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Finnish) 2010
"{90140000-0019-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Finnish) 2010
"{90140000-001A-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Finnish) 2010
"{90140000-001B-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROPLUS_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROPLUS_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROPLUS_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040B-0000-0000000FF1CE}" = Microsoft Office Proofing (Finnish) 2010
"{90140000-002C-040B-0000-0000000FF1CE}_Office14.PROPLUS_{607F3F36-0E5F-4E06-B80A-38E7E1D8BE27}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Finnish) 2010
"{90140000-0044-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Finnish) 2010
"{90140000-006E-040B-0000-0000000FF1CE}_Office14.PROPLUS_{65A88F1F-5D91-4A72-BE78-A0B0B6BD45A8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Finnish) 2010
"{90140000-00A1-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Finnish) 2010
"{90140000-00BA-040B-0000-0000000FF1CE}_Office14.PROPLUS_{FD8C09D5-7564-402B-8A7D-5DB01A6AB911}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{935FADCB-C25B-4F62-B9B4-F22C40431642}" = Windows Presentation Foundation Language Pack (FIN)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A5E9A73E-8FC0-387D-9CCE-8BAA6B042872}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FIN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}" = HP Safety and Comfort Guide
"{AC76BA86-7AD7-1035-7B44-A70900000002}" = Adobe Reader 7.0.9 - Suomi
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FC97690A-90AD-3A67-BE73-50886A93CFF5}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FIN
"ABBSoftwareDesktop2" = ABB Software Desktop 2
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoCAD R13 Uninstall" = AutoCAD R13
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ConnectIT" = ConnectIT
"CSCLIB" = Canon Camera Support Core Library
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler
"DOC2" = ABB DOC2
"EAGLE 4.13r1" = EAGLE 4.13r1
"FastStone Photo Resizer" = FastStone Photo Resizer 1.4
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"HitmanPro36" = HitmanPro 3.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
"InstallShield_{308017E2-D87C-4101-90C8-6DA7D2613824}" = Maxtor Manager
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.65.1.1000
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 Finnish Language Pack" = Microsoft .NET Framework 3.0:n suomen kielipaketti
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office8.0" = Microsoft Office 97, Professional-versio
"PaperCut NG Client_is1" = PaperCut NG Client 9.1
"PhotoStitch" = Canon Utilities PhotoStitch
"progeCAD 2009 Smart! ENG" = progeCAD 2009 Smart! ENG
"progeCAD Libraries" = progeCAD Libraries
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Software Setup" = Software Setup
"Ultravnc2_is1" = UltraVNC 1.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WMFDist11" = Windows Media Format 11 runtime
"VobSub" = VobSub v2.23 (Remove Only)
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.12.2012 1:10:22 | Computer Name = PASIHP3000 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 2259.
The installer has encountered an unexpected error. The error code is 2259. Database:
Table(s) Update failed

Error - 20.12.2012 0:55:40 | Computer Name = PASIHP3000 | Source = Userenv | ID = 1054
Description = Windows ei löydä tietokoneverkon toimialueen ohjauskoneen nimeä. (Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. ). Ryhmäkäytännön käsittely keskeytettiin.


Error - 20.12.2012 0:55:59 | Computer Name = PASIHP3000 | Source = AutoEnrollment | ID = 15
Description = Automaattinen sertifikaatin rekisteröinti kohteelle paikallinen järjestelmä
ei pystynyt muodostamaan yhteyttä Active Directoryyn (0x8007054b). Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. Rekisteröintiä ei suoriteta.

Error - 20.12.2012 0:56:15 | Computer Name = PASIHP3000 | Source = Userenv | ID = 1054
Description = Windows ei löydä tietokoneverkon toimialueen ohjauskoneen nimeä. (Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. ). Ryhmäkäytännön käsittely keskeytettiin.


Error - 20.12.2012 1:05:45 | Computer Name = PASIHP3000 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 2259.
The installer has encountered an unexpected error. The error code is 2259. Database:
Table(s) Update failed

Error - 21.12.2012 1:01:42 | Computer Name = PASIHP3000 | Source = Userenv | ID = 1054
Description = Windows ei löydä tietokoneverkon toimialueen ohjauskoneen nimeä. (Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. ). Ryhmäkäytännön käsittely keskeytettiin.


Error - 21.12.2012 1:01:59 | Computer Name = PASIHP3000 | Source = AutoEnrollment | ID = 15
Description = Automaattinen sertifikaatin rekisteröinti kohteelle paikallinen järjestelmä
ei pystynyt muodostamaan yhteyttä Active Directoryyn (0x8007054b). Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. Rekisteröintiä ei suoriteta.

Error - 21.12.2012 1:04:04 | Computer Name = PASIHP3000 | Source = Userenv | ID = 1053
Description = Windows ei voi selvittää käyttäjän tai tietokoneen nimeä. (Määritettyä
toimialuetta ei ole tai siihen ei saatu yhteyttä. ). Ryhmäkäytännön käsittely keskeytettiin.


Error - 21.12.2012 1:11:01 | Computer Name = PASIHP3000 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 2259.
The installer has encountered an unexpected error. The error code is 2259. Database:
Table(s) Update failed

Error - 24.12.2012 2:59:59 | Computer Name = PASIHP3000 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 2259.
The installer has encountered an unexpected error. The error code is 2259. Database:
Table(s) Update failed

[ System Events ]
Error - 21.12.2012 1:01:34 | Computer Name = PASIHP3000 | Source = W32Time | ID = 39452701
Description = Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään
yhdestä aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen
ei yritetä muodostaa yhteyttä 14 minuuttiin. NTP-asiakkaan käytettävissä ei ole
tarkkaa aikalähdettä.

Error - 21.12.2012 1:01:49 | Computer Name = PASIHP3000 | Source = W32Time | ID = 39452701
Description = Aikatoimittajan NTP-asiakas on määritetty hakemaan aika vähintään
yhdestä aikalähteestä, mutta yksikään lähde ei ole käytettävissä. Aikalähteeseen
ei yritetä muodostaa yhteyttä 14 minuuttiin. NTP-asiakkaan käytettävissä ei ole
tarkkaa aikalähdettä.

Error - 21.12.2012 1:02:46 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2

Error - 21.12.2012 1:12:44 | Computer Name = PASIHP3000 | Source = Windows Update Agent | ID = 20
Description = Asennus epäonnistui: Windows ei voinut asentaa seuraavaa päivitystä
ja palautti virheen 0x80070643: Microsoft SQL Server 2005 Express Edition Service
Pack 4 (KB2463332).

Error - 21.12.2012 4:27:47 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2

Error - 21.12.2012 7:38:10 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2

Error - 24.12.2012 2:47:24 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2

Error - 24.12.2012 3:01:39 | Computer Name = PASIHP3000 | Source = Windows Update Agent | ID = 20
Description = Asennus epäonnistui: Windows ei voinut asentaa seuraavaa päivitystä
ja palautti virheen 0x80070643: Microsoft SQL Server 2005 Express Edition Service
Pack 4 (KB2463332).

Error - 27.12.2012 1:33:07 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2

Error - 27.12.2012 2:54:29 | Computer Name = PASIHP3000 | Source = Service Control Manager | ID = 7000
Description = Palvelua First ei voi käynnistää. Virhekoodi on %%2


< End of report >

 

.
Eipä täältäkään mainitsemaasi vikaa löydy.
Vaikuttaa selaimen sisäiseltä ongelmalta.

--------------------------------------------

Kopioi alla olevasta laatikosta kaikki muistiin. (Ctrl+C)

Koodi:

:OTL
IE - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\SearchScopes,DefaultScope = {992C8ECC-A855-4932-BACA-3854A99DD1B0}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKU\S-1-5-21-1078081533-1614895754-839522115-1195\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.4.2/jinsta...indows-i586.cab[/url] (Reg Error: Value error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} [url]http://support.f-secure.com/ols/fscax.cab[/url] (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.4.2/jinsta...indows-i586.cab[/url] (Java Plug-in 1.4.2_03)

:services
HidServ
WDICA
RkHit
PDRFRAME
PDRELI
PDFRAME
PDCOMP
PCIDump
lbrtfdc
iAimTV2
i2omgmt
First
Changer

:commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]

Käynnistä OTL.EXE ohjelma. (Vista / 7 tee hiiren kakkosnapilla ja JV:nä)
Liitä muistista texti OTL:n valkoiseen laatikkoon (Custom Scans/Fixes)
Paina sitten Run Fix nappia
Lopuksi se pyytää koneen ReStarttia => OK
Logi aukeaa muistioon josta kopioit sen viestiisi.

 

Huomenta,

ohjeen mukaan tehty ja alla loki:

All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-1078081533-1614895754-839522115-1195\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-1614895754-839522115-1195\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9D190AE6-C81E-4039-8061-978EBAD10073}
C:\WINDOWS\Downloaded Program Files\fscax.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D190AE6-C81E-4039-8061-978EBAD10073}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D190AE6-C81E-4039-8061-978EBAD10073}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D190AE6-C81E-4039-8061-978EBAD10073}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D190AE6-C81E-4039-8061-978EBAD10073}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service RkHit stopped successfully!
Service RkHit deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service iAimTV2 stopped successfully!
Service iAimTV2 deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service First stopped successfully!
Service First deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 57527931 bytes
->Temporary Internet Files folder emptied: 35653 bytes
->Java cache emptied: 0 bytes

User: All Users

User: antti
->Temp folder emptied: 33681 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86386445 bytes
->Flash cache emptied: 475 bytes

User: auli
->Temp folder emptied: 11541 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Järjestelmänvalvoja
->Temp folder emptied: 53850 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3028556 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: olli
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pasi
->Temp folder emptied: 704432381 bytes
->Temporary Internet Files folder emptied: 421815576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70285311 bytes
->Google Chrome cache emptied: 6403951 bytes
->Flash cache emptied: 523 bytes

User: valvomo
->Temp folder emptied: 104423 bytes
->Temporary Internet Files folder emptied: 6005090 bytes
->Java cache emptied: 204149 bytes
->FireFox cache emptied: 56688724 bytes
->Flash cache emptied: 12156 bytes

User: verkosto
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2518 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77739115 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 344475895 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 110120 bytes
RecycleBin emptied: 1066024 bytes

Total Files Cleaned = 1 752.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12282012_081051

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_388.dat not found!
File\Folder C:\Documents and Settings\pasi\Local Settings\Temp\fla73.tmp not found!
C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\Content.IE5\ZH8V2DE3\edukas_nosto[1].htm moved successfully.
C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\Content.IE5\ZH8V2DE3\googlen_linkit_uudelleenohjautuvat_googleen-951926[1].htm moved successfully.
File\Folder C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\Content.IE5\ZH8V2DE3\like[1].htm not found!
C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\Content.IE5\VATZ62S9\xd_arbiter[1].htm moved successfully.
File\Folder C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\Content.IE5\067U3VZE\xd_arbiter[3].htm not found!
C:\Documents and Settings\pasi\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

.
* Käynnistä OTL.EXE.
* Klikkaa CleanUp!.
* Valitse Yes kun kysytään "Begin cleanup Process?".
* Jos pyydetään, että saako koneen käynnistää uudelleen, valitse Yes.
* OTL poistaa itsensä kun se on valmis.

------------------------------------------------------------

Suosittelen selaimen uudelleen asennusta. Oletan sinun käyttävän
Mozilla Firefox selainta ???
Ennen uuden asentamista kaikki selaimen kansiot (3 kpl)poistettava ja
kone uudelleen käynnistettävä.

 

Kiitos, täytyypä kokeilla. Käytän pääasiassa Firefoxia, mutta myös IE on käytössä kun jotkin verkon yli käytettävät ohjelmat vaativat sen. Sama uudelleenohjautuvuus on kummassakin, sekä IE:ssä että Firefoxissa. Ilmoittelen mitä käy tuon CleanUpin jälkeen

Mukavaa loppuvuotta!

 

.
Kiitos samoin !!!

 

No niin, nyt jotain tapahtui kun poistin Firefoxin. Samalla poistui scriptinesto-ohjelma joka tähän koneelle oli asennettu, ja nyt googlen linkkiä klikkaamalla avautuu mitä tahansa sivuja. Ensin avautuu joku directagain.net ja sen jälkeen kaikenlaisia pelisivuja jne. Sen sijaan äkkiseltään katsottuna IE:ssä Googlenkin linkit näyttäisivät toimivan oikein.

 

Korjaus edelliseen, IE meni aivan hurjaksi ja ponnahdusikkunoita avautuu toisensa perään niin että oli pakko sammuttaa kone pakotetusti. Firefoxiin asensin NoScriptin ja se rauhoittui käyttäytymään kuten ennenkin, eli Googlen linkkiä klikkaamalla avautuu vain Googlen etusivu. Käytännössä ilmeisesti siis yrittää uudelleenohjautua jonnekin mutta NoScript estää uudelleenohjautumisen ja "jää" vain Googlen etusivulle.

 

.
Aja tämä uudelleen =>

AdwCleaner:

Aja ohjema Hiiren oikealla näppäimellä painat ja valitset =>
Suorita Järjestelmänvalvojana

Paina => Search nappia.
Muistioon aukeaa sivu josta näet mitä poistetaan. (AdwCleaner[R1].txt)
Sammuta kaikki muut ohjelmat paitsi virustorjunta.

Paina Delete nappia ja => OK:ta niin kauankuin kone
käynnistää itsensä uudelleen.

Muistioon aukeaa nyt AdwCleaner[S1].txt tiedosto, jonka sisällön
kopioit vastaus viestiisi tänne.

Ja jos selain ei rauhoitu aja uusi OTL logi.

 

"Suorita järjestelmänvalvojana" ei löydy, mutta johtunee käyttöjärjestelmästä? Tässä koneessa XP.
AdwCleaner ajettu ja kohta kokeilen selainta ja ajan OTL:n uusiksi:

# AdwCleaner v2.103 - Logfile created 01/02/2013 at 13:29:57
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : PASI - PASIHP3000
# Boot Mode : Normal
# Running from : C:\Documents and Settings\pasi\Työpöytä\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\valvomo\Application Data\BabylonToolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (fi)

File : C:\Documents and Settings\valvomo\Application Data\Mozilla\Firefox\Profiles\j4tvsd4h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\pasi\Application Data\Mozilla\Firefox\Profiles\5f0uyt8e.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\antti\Application Data\Mozilla\Firefox\Profiles\eobf95iz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1178 octets] - [02/01/2013 13:27:31]
AdwCleaner[S1].txt - [1111 octets] - [02/01/2013 13:29:57]

########## EOF - C:\AdwCleaner[S1].txt - [1171 octets] ##########

 

.
Tämän AdwCleanerin mukaan siellä ei olisi
ollut kuin Babylonin kansio.

--------------

Totta XP:ssä ei olekaan JV optiota.