
My computer has viruses - how do I remove them?

Thread in the Viruses and malware - HijackThis logs section. Thread started by Tooumas on 21.06.2009.

  1. Tooumas

    Tooumas Member

    Joined:
    18.02.2009
    Posts:
    55
    Thanks:
    0
    Points:
    16
    I already opened a thread earlier when I wanted someone to check my HJT log. Well, in the meantime I found a virus, or viruses, on the machine myself. I have 3 running processes (b.exe, csrss.exe and atieclxx.exe). So how do I remove these viruses? Please be kind and give detailed instructions, because I am a complete beginner in these matters. Thanks in advance.
     
  3. juuSOS

    juuSOS Regular member

    Joined:
    27.09.2006
    Posts:
    751
    Thanks:
    0
    Points:
    26
  4. Tooumas

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:36:45, on 21.6.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\msa.exe
    C:\Users\TUOMAS~1\AppData\Local\Temp\b.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\PC Protection\Common\FSM32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\PC Protection\FSGUI\fsguidll.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Cognac] C:\Users\TUOMAS~1\AppData\Local\Temp\b.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-21-912600381-1854815515-268499315-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Muu perhe')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 10462 bytes



    Thanks for telling me that those are actually important programs. According to some sites they are viruses. :eek:? Now I can sleep through the night in peace. By the way, how dangerous is that b.exe? :/

    Last edited: 16.07.2009
  5. Tooumas

    Now that I had the computer switched off for a while, I noticed that the beeping, which probably came from some virus, has stopped. But I'll get back to this tomorrow. Hopefully someone can help remove the worm with the help of that log.


    Edit: the beeping started again. :/

    Last edited: 21.06.2009
  6. juuSOS

    Yep, yep... Download mbam.exe to your computer. Follow these instructions and post the log here. And then add a new HJT log at the end of the message as well.
     
  7. Tooumas

    After doing that and removing several "Trojan fake alert" files, I at least can't find b.exe anymore :)
    Here are the logs:

    Malwarebytes' Anti-Malware 1.38
    Tietokantaversio: 2318
    Windows 6.0.6001 Service Pack 1

    21.6.2009 19:08:29
    mbam-log-2009-06-21 (19-08-29).txt

    Tarkistustyyppi: Pikatarkistus
    Tarkistetut kohteet: 84817
    Kulunut aika: 3 minute(s), 3 second(s)

    Saastuneita muistiprosesseja: 2
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 8
    Saastuneita rekisteriarvoja: 1
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 14

    Saastuneita muistiprosesseja:
    C:\Users\*käyttäjän nimi*\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\Users\*käyttäjän nimi*\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\1F47.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\1F47.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\99E3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\99E3.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\EEE4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\EEE4.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\F2D9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\F2D9.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:27, on 21.6.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\PC Protection\Common\FSM32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\PC Protection\FSGUI\fsguidll.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\TJH\scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9908 bytes

    Is there anything left?

    Last edited: 16.07.2009
  8. Tooumas

    Could that name "Trojan Fake alert" have something to do with the fact that a strange beeping suddenly started, which could easily be mistaken for some kind of alarm sound? In fact, when I realized that a virus had got onto the machine and that sound started, I thought it was some F-Secure warning sound. So maybe the purpose of that sound is to annoy the user. And every now and then IE pop-ups with some ads opened by themselves. And there were also notifications from Windows that some *****.dll file had stopped working and Windows was looking for a solution, or something like that. Now that I ran that program and it told me to reboot, b.exe has not shown up since and none of those symptoms have appeared. At least so far. :)
     
  9. Tooumas

    I would appreciate it if someone could quickly look at those latest logs, because tomorrow around 12 noon I'm leaving for the summer cottage, and it would be nice to know before I leave whether the machine has definitely been cleaned, since I'll probably be at the cottage until Friday. Otherwise it's no problem, I would gladly wait. And thank you really, really, really much, juuSOS, for your advice and help!
     
  10. juuSOS

    On a quick check I didn't find anything in that. An interesting one, that noise-making virus... :)

    And if the beeping continues, it should quiet down with these instructions:
    1. Right-click My Computer
    2. Device Manager (Laitehallinta) in the list on the left
    3. From the list -> show hidden devices
    4. Non-Plug and Play Drivers, right-click, Properties (Ominaisuudet)
    5. Disabled
    6. Reboot the machine

    Maybe a picture will make it clearer...
    [IMG]

    A poor Finnish translation :)
     
  11. Tooumas

    The beeping has not continued since I downloaded the program you linked, which removed some Trojans. But if it starts beeping again, I'll try those instructions of yours :)
     
  12. Tooumas

    It just occurred to me: what are these?

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O1 - Hosts: ::1 localhost


    Some toolbars?

    Last edited: 26.06.2009
  13. warwas

    warwas Guest

    Those File missing notices on the O2 lines are reliable, apart from one nasty, and that nasty (gromozon) is fairly rare these days.

    Those File missing entries are just useless registry entries that can always be removed; in your case they are leftovers from Yahoo and Messenger.
    http://www.systemlookup.com/search....f&search=02478D38-C3F9-4efb-9B51-7695ECA05670

    http://www.systemlookup.com/search....f&search=5C255C8A-E604-49b4-9D64-90988571CECB

    Well, let's take a proper look at this log.

    Open Windows Defender.
    Click Tools and General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After that, click Save and close Windows Defender.

    In Vista all fixes need to be done as administrator.
    That is, right-click and run as administrator.

    Open HJT
    Click Do a system scan only and check the following lines:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

    Close all other programs except the firewall and antivirus, and click Fix checked

    Close HJT

    -------------------------------------------------------------------

    Scan your computer with Kaspersky Online Scanner

    1. Read through the requirements and the privacy terms and click Accept.
    2. The scanner and the virus database start downloading. You will be asked whether you allow a program from Kaspersky to be installed. Click Run.
    3. When the download is complete, click Settings.
    4. Make sure the following items are selected. If they are not, select them and click Save:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click My Computer (Oma Tietokone) under Scan.
    6. When the scan is complete, the results are shown. Click View Scan Report.
    7. You will see a list of infected items. Click Save Report As....
    8. Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
    9. Copy and paste the contents of the file into your next reply along with a new HijackThis log


    Shut down and restart the computer


    • Download random's system information tool (RSIT) by random/random and save it to the desktop
    • Double-click RSIT.exe to run RSIT.
    • Click Continue.
    • When RSIT is finished, two logs open in Notepad. Post the contents of both log.txt (<<opens maximized) and info.txt (<<opens minimized) in your next message.

    Please post the following logs
    Kaspersky results
    RSIT's log.txt and info.txt

    Edit: Defender instructions added.
     
    Last edited by a moderator: 27.06.2009
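Added example (not part of the thread, and not code from HijackThis or from any poster): a small Python triage pass over a HijackThis log that picks out the kinds of lines selected in the post above, namely entries ending in (no file) or (file missing) and O15 ProtocolDefaults zone mismatches, plus any running process under a Temp directory such as the b.exe named at the start of the thread. The function names and the sample log (assembled from lines in this thread, with a constructed user path and start page) are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str  # "process" or the HijackThis section code, e.g. "O2"
    reason: str
    line: str


# "O2 - BHO: ..." -> code "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
O15_RE = re.compile(
    r"^ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
    r"(?P<actual>.+? Zone), should be (?P<expected>.+? Zone)$"
)
# HijackThis marks a registry entry whose target file is gone this way.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Constructed sample: log lines from this thread, user path and URL made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Users\USER~1\AppData\Local\Temp\b.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Split a log into running-process paths and (code, body, raw line) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m["code"], m["body"], line))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text: str) -> List[Finding]:
    """Return lines worth a manual look; a finding is a lead, not a verdict."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(Finding("process", "runs from a temp directory", path))
    for code, body, line in entries:
        if ORPHAN_RE.search(body):
            findings.append(
                Finding(code, "registry entry points to a missing file", line)
            )
        if code == "O15":
            m = O15_RE.match(body)
            if m and m["actual"] != m["expected"]:
                reason = f"'{m['proto']}' mapped to {m['actual']}, expected {m['expected']}"
                findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries that point to an existing file, such as the Java BHO in the sample, pass through without a finding; judging those still needs the lookup step the helper does by hand.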
  14. Tooumas

    Tooumas Member

    Here are the Kaspersky results and the HJT log. I'll post the RSIT log later.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, June 28, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, June 28, 2009 06:49:46
    Records in database: 2398776
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan statistics:
    Files scanned: 281547
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 03:22:08

    No malware has been detected. The scan area is clean.

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:12, on 27.6.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\PC Protection\Common\FSM32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\PC Protection\FSGUI\fsguidll.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 10042 bytes
     
    Last edited: 16.07.2009
  15. Tooumas

    Tooumas Member

    RSIT says:

    Line -1:


    Error: Subscript used with non-Array variable.
     
  16. warwas

    warwas Guest

    Did you fix with HJT, then reboot, and only then make that new log?
    If you didn't, do it now, then shut down and restart the computer and continue with the instructions below.
    Also:
    In Vista all fixes need to be done as administrator.
    That is, right-click and choose run as administrator.

    If RSIT won't work, we'll switch tools.

    Download OTListIt by OldTimer and save it to the desktop.
    • Close all open windows and applications.
    • Double-click OTList.exe to start OTListIt.
    • Check the blue "Scan All Users" checkbox.
    • Click the blue Run Scan button.
    • OTListIt starts the scan.
    • When the scan is complete, OTListIt creates two text files on the desktop: OTListIt.Txt <- this one opens in Notepad, and Extras.txt
    • Copy (Ctrl+A, Ctrl+C) and paste (Ctrl+V) the contents of the OTListIt.Txt and Extras.txt files into your next message
     
  17. Tooumas

    Tooumas Member

    What I did now: I closed all programs except the antivirus and the firewall, started HJT as administrator, selected those 5 "protocol defaults" items and pressed Fix checked. Then I rebooted the computer, downloaded that OT and ran it according to the instructions. Here are the texts.

    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

    2,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 98,84% Memory free
    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,63 Gb Total Space | 108,25 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
    Drive D: | 596,17 Gb Total Space | 545,22 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
    Drive E: | 348,89 Gb Total Space | 346,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
    Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KOTI-PC
    Current User Name: *käyttäjän nimi*
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009.03.16 23:27:06 | 00,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009.03.16 23:27:34 | 00,290,816 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2008.10.29 09:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
    PRC - [2009.02.12 17:50:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    PRC - [2008.01.21 05:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008.03.26 08:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008.02.14 15:20:06 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008.02.14 15:19:54 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008.01.27 01:27:12 | 00,523,312 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008.02.25 18:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    PRC - [2008.12.04 17:02:40 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSM32.EXE
    PRC - [2007.03.06 18:48:46 | 00,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2009.03.09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2008.10.15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2008.01.21 05:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
    PRC - [2008.01.21 05:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008.01.21 05:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
    PRC - [2009.05.15 16:28:12 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
    PRC - [2007.03.06 18:51:26 | 00,252,704 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    PRC - [2008.12.18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    PRC - [2008.12.18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    PRC - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    PRC - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    PRC - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    PRC - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE
    PRC - [2009.05.28 11:44:47 | 00,461,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
    PRC - [2008.12.04 17:02:40 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMB32.EXE
    PRC - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    PRC - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    PRC - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
    PRC - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    PRC - [2008.01.21 05:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
    PRC - [2008.12.04 17:02:38 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FCH32.EXE
    PRC - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
    PRC - [2008.01.21 05:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
    PRC - [2008.12.04 17:02:38 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FAMEH32.EXE
    PRC - [2008.12.04 16:57:06 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
    PRC - [2008.12.04 17:03:02 | 00,707,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSPC\fspc.exe
    PRC - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    PRC - [2009.05.28 11:44:47 | 00,575,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
    PRC - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
    PRC - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    PRC - [2008.12.04 16:59:14 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSGUI\fsguidll.exe
    PRC - [2008.12.22 18:01:30 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsus.exe
    PRC - [2008.01.21 05:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
    PRC - [2009.03.03 05:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
    PRC - [2009.03.04 14:41:10 | 00,347,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsav32.exe
    PRC - [2009.03.24 17:13:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    PRC - [2009.03.03 05:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
    PRC - [2009.06.29 13:45:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\*käyttäjän nimi*\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service [Auto | Running])
    SRV - [2009.03.16 23:27:06 | 00,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
    SRV - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
    SRV - [2008.01.21 05:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
    SRV - [2008.01.21 05:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
    SRV - [2006.11.02 15:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
    SRV - [2006.11.02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
    SRV - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
    SRV - [2008.01.21 05:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
    SRV - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
    SRV - [2009.04.04 22:38:56 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    SRV - [2008.01.21 05:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
    SRV - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
    SRV - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE -- (FSMA [Auto | Running])
    SRV - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
    SRV - [2009.02.12 17:50:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98d215460089e [Auto | Stopped])
    SRV - [2009.03.24 17:13:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
    SRV - [2008.01.21 05:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
    SRV - [2007.03.06 18:55:24 | 00,105,248 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
    SRV - [2008.01.21 05:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
    SRV - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
    SRV - [2007.08.24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
    SRV - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
    SRV - [2008.01.21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
    SRV - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

    ========== Driver Services (SafeList) ==========

    DRV - [2008.08.14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
    DRV - [2008.01.21 05:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
    DRV - [2008.01.21 05:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
    DRV - [2008.01.21 05:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
    DRV - [2008.01.21 05:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
    DRV - [2007.12.19 09:45:00 | 00,170,000 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s [Boot | Running])
    DRV - [2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
    DRV - [2008.01.21 05:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
    DRV - [2008.01.21 05:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
    DRV - [2009.02.20 08:17:50 | 00,095,760 | ---- | M] (ATI Research Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
    DRV - [2009.03.17 00:33:54 | 04,361,216 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
    DRV - [2006.10.30 06:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
    DRV - [2006.11.10 16:08:50 | 00,024,064 | ---- | M] () -- C:\Windows\System32\DRIVERS\ATITool.sys -- (ATITool [System | Stopped])
    DRV - [2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
    DRV - [2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
    DRV - [2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
    DRV - [2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
    DRV - [2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
    DRV - [2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
    DRV - [2008.01.21 05:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
    DRV - [2008.01.21 05:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
    DRV - [2008.01.21 05:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
    DRV - [2008.12.04 16:57:10 | 00,039,776 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
    DRV - [2009.05.28 11:46:25 | 00,086,648 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
    DRV - [2008.12.04 17:02:20 | 00,067,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
    DRV - [2008.12.04 16:57:10 | 00,025,184 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
    DRV - [2009.02.02 13:36:47 | 00,033,408 | ---- | M] () -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running])
    DRV - [2008.12.04 16:57:36 | 00,035,552 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys -- (FSES [System | Running])
    DRV - [2008.12.04 16:57:54 | 00,070,944 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW [System | Running])
    DRV - [2008.12.04 16:57:08 | 00,012,384 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsvista.sys -- (fsvista [System | Running])
    DRV - [2008.01.21 05:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
    DRV - [2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
    DRV - [2008.02.14 15:16:12 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
    DRV - [2008.03.26 13:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
    DRV - [2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
    DRV - [2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
    DRV - [2008.01.21 05:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
    DRV - [2007.03.06 18:50:30 | 01,669,664 | ---- | M] () -- C:\Windows\System32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
    DRV - [2007.03.06 18:52:46 | 02,261,792 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
    DRV - [2007.03.06 18:54:40 | 00,041,376 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
    DRV - [2008.01.21 05:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
    DRV - [2008.01.21 05:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
    DRV - [2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
    DRV - [2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
    DRV - [2008.01.30 12:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
    DRV - [2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
    DRV - [2008.01.21 05:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
    DRV - [2008.01.21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
    DRV - [2007.03.06 18:48:46 | 00,014,240 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
    DRV - [2007.03.06 18:48:46 | 01,273,504 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
    DRV - [2008.01.27 01:27:26 | 00,018,480 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
    DRV - [2008.01.27 01:27:28 | 00,016,432 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
    DRV - [2008.01.27 01:27:28 | 00,059,952 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
    DRV - [2008.01.21 05:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
    DRV - [2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
    DRV - [2005.11.03 21:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
    DRV - [2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
    DRV - [2008.01.21 05:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
    DRV - [2009.05.12 22:09:56 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
    DRV - [2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
    DRV - [2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
    DRV - [2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
    DRV - [2007.09.28 15:29:12 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
    DRV - [2008.01.30 12:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
    DRV - [2008.01.21 05:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
    DRV - [2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
    DRV - [2008.01.21 05:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
    DRV - [2008.01.21 05:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
    DRV - [2008.01.21 05:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
    DRV - [2007.12.28 05:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])
    DRV - [2007.09.28 15:29:12 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys -- (zntport [Auto | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com


    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
    IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\S-1-5-21-912600381-1854815515-268499315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.02.02 14:08:44 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.06.27 11:13:19 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.06.27 11:13:19 | 00,000,000 | ---D | M]

    [2009.06.26 00:21:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009.06.27 11:13:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009.02.07 22:50:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    [2009.03.28 18:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2009.06.27 11:13:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009.06.27 11:13:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2007.04.10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2009.01.16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
    [2008.09.04 03:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2009.03.09 06:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
    [2009.06.27 11:13:12 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2009.06.27 11:13:14 | 00,002,062 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
    [2009.06.27 11:13:14 | 00,001,069 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons-fi.xml
    [2009.06.27 11:13:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009.06.27 11:13:14 | 00,002,677 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\huuto-fi.xml
    [2009.06.27 11:13:14 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
    [2009.06.27 11:13:14 | 00,000,796 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml

    O1 HOSTS File: (1243 bytes) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O2 - BHO: (Adobe PDF Reader -linkkiavustaja) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (Windows Liven kirjautumisapuohjelma) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
    O4 - HKLM..\Run: [F-Secure Manager] File not found
    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\PC Protection\FSGUI\TNBUtil.exe (F-Secure Corporation)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
    O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [BitTorrent DNA] C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
    O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\All Users\Adobe [2009.05.17 18:12:32 | 00,000,000 | ---D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\ATI [2009.04.29 16:06:34 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CyberLink [2008.04.23 00:39:49 | 00,000,000 | ---D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\Desktop [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Documents [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\eSobi [2008.04.23 01:08:52 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\f-secure [2009.02.02 12:26:51 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Favorites [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\FLEXnet [2009.04.04 22:50:06 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FloodLightGames [2008.04.23 00:42:19 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\fssg [2009.02.02 12:25:43 | 00,000,000 | ---D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes [2009.06.21 19:03:19 | 00,000,000 | ---D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\OrbNetworks [2009.02.18 21:33:31 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sony [2009.03.08 21:08:34 | 00,000,000 | ---D | M]
    O4 - Startup: File not found
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\Suosikit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\TEMP [2009.05.09 15:14:36 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Templates [2006.11.02 16:02:04 | 00,000,000 | -HSD | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\All Users\Tiedostot [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Työpöytä [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Ubisoft [2009.04.08 20:37:11 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2008.04.23 00:59:16 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\AppData [2006.11.02 14:18:34 | 00,000,000 | -H-D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\Cookies [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Desktop [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Documents [2009.02.02 11:58:14 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Downloads [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Favorites [2008.04.23 00:41:29 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Music [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\NetHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\Pictures [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\PrintHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Recent [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\SendTo [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Default\Templates [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Tulostinympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Verkkoympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Videos [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\AppData [2009.02.03 14:57:48 | 00,000,000 | -H-D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Muu perhe\Contacts [2009.02.03 14:57:37 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Cookies [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Desktop [2009.06.21 00:33:39 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Documents [2009.06.25 15:27:26 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Downloads [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Favorites [2009.02.03 14:57:51 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Käynnistä-valikko [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Links [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Muu perhe\Mallit [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Music [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
    O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
    O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
    O4 - Startup: C:\Users\Muu perhe\ntuser.ini ()
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Muu perhe\Pictures [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\Recent [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Muu perhe\Searches [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Muu perhe\SendTo [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Tracing [2009.06.25 15:10:25 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\Muu perhe\Tulostinympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Verkkoympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Muu perhe\Videos [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Desktop [2009.06.26 00:21:41 | 00,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Documents [2009.04.04 22:45:33 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Downloads [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Favorites [2006.11.02 13:23:35 | 00,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Music [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\NTUSER.DAT ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT{594efddb-f108-11dd-bbb9-001fe25a0517}.TM.blf ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT{894836eb-f78c-11dd-b6b6-0022b00c898e}.TM.blf ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT ()
    O4 - Startup: C:\Users\Public\NTUSER.DAT ()
    O4 - Startup: C:\Users\Public\Pictures [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\Public\Videos [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\AppData [2009.02.02 12:03:58 | 00,000,000 | -H-D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\*käyttäjän nimi*\Contacts [2009.02.02 12:18:22 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Cookies [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Desktop [2009.06.29 13:45:16 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Documents [2009.05.31 15:29:32 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Downloads [2009.06.07 14:27:53 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Favorites [2009.05.20 17:55:23 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Games [2009.04.13 19:24:01 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Käynnistä-valikko [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\*käyttäjän nimi*\Mallit [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Music [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
    O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.ini ()
    O4 - Startup: File not found
    O4 - Startup: C:\Users\*käyttäjän nimi*\Option [2009.06.09 00:10:05 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Pictures [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\*käyttäjän nimi*\Recent [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: File not found
    O4 - Startup: C:\Users\*käyttäjän nimi*\Searches [2009.04.06 15:37:51 | 00,000,000 | R--D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\SendTo [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Tracing [2009.06.29 13:43:10 | 00,000,000 | ---D | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Tulostinympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Verkkoympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
    O4 - Startup: C:\Users\*käyttäjän nimi*\Videos [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8 - Extra context menu item: V&ie Microsoft Exceliin - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra 'Tools' menuitem : Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
    O9 - Extra Button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab (F-Secure Health Check 1.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2005.11.01 13:59:47 | 00,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009.06.28 12:16:04 | 00,000,000 | ---D | C] -- C:\rsit
    [2009.06.26 00:21:41 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009.06.21 20:54:01 | 00,000,532 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
    [2009.06.21 20:28:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2009.06.21 19:03:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009.06.21 19:03:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009.06.21 19:03:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009.06.21 17:52:57 | 32,183,09120 | -HS- | C] () -- C:\hiberfil.sys
    [2009.06.21 17:16:35 | 24,450,3826 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2009.06.13 21:30:01 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2009.06.13 21:30:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2009.06.13 21:30:00 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
    [2009.06.13 21:30:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2009.06.13 21:29:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2009.06.13 19:38:29 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
    [2009.06.13 19:38:27 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
    [2009.06.13 19:38:26 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
    [2009.06.13 19:38:25 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
    [2009.06.13 19:38:25 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
    [2009.06.13 19:38:24 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2009.06.13 19:38:24 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2009.06.13 19:38:23 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2009.06.13 19:38:23 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
    [2009.06.13 19:38:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2009.06.13 19:38:22 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2009.06.13 19:38:22 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2009.06.13 19:38:22 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
    [2009.06.13 19:38:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2009.06.13 19:38:20 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2009.06.13 19:37:26 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2009.06.13 19:37:22 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
    [2009.06.13 19:37:14 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
    [2009.06.02 00:22:03 | 00,003,120 | ---- | C] () -- C:\Windows\System32\ENNEZFID.ocx
    [2009.06.02 00:21:43 | 00,131,072 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\SKCA32.dll
    [2009.06.02 00:21:43 | 00,127,488 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
    [2009.05.31 15:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 3
    [2009.05.31 11:07:01 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
    [2009.05.31 11:06:56 | 14,045,4760 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2009.05.15 23:09:14 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
    [2009.05.14 19:08:21 | 00,000,340 | ---- | C] () -- C:\Windows\wininit.ini
    [2009.04.02 18:59:32 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009.03.16 23:26:02 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009.02.18 22:08:46 | 00,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2009.02.18 21:35:52 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009.02.18 19:14:30 | 00,138,168 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009.02.02 12:26:55 | 00,033,408 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
    [2008.07.22 11:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008.04.23 00:26:27 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008.04.23 00:23:17 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2007.05.15 19:06:58 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
    [2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2007.03.06 18:50:30 | 01,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
    [2006.11.10 16:08:50 | 00,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
    [2006.11.02 15:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 13:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
    [2006.11.02 13:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
    [2006.11.02 10:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005.02.25 02:59:49 | 00,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
    [2004.10.28 17:38:10 | 00,315,728 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll
    [2002.03.14 01:46:46 | 00,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== Files - Modified Within 30 Days ==========

    [2009.06.29 13:45:28 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2009.06.29 13:43:08 | 00,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
    [2009.06.29 13:43:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009.06.29 13:43:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009.06.29 13:43:01 | 00,000,532 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
    [2009.06.29 13:43:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009.06.29 13:42:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009.06.29 13:42:55 | 32,183,09120 | -HS- | M] () -- C:\hiberfil.sys
    [2009.06.29 12:27:22 | 01,216,208 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009.06.29 12:27:22 | 00,592,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009.06.29 12:27:22 | 00,442,516 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
    [2009.06.29 12:27:22 | 00,102,856 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009.06.29 12:27:22 | 00,083,758 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
    [2009.06.27 23:31:57 | 00,138,168 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009.06.27 23:30:33 | 00,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2009.06.27 23:30:33 | 00,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
    [2009.06.26 00:21:41 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2009.06.21 17:16:49 | 24,450,3826 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
    [2009.06.17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009.06.17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009.06.13 21:24:32 | 02,224,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009.06.05 20:38:51 | 00,131,072 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\SKCA32.dll
    [2009.06.05 20:38:51 | 00,127,488 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
    [2009.06.02 00:22:03 | 00,003,120 | ---- | M] () -- C:\Windows\System32\ENNEZFID.ocx
    [2009.06.01 19:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
    [2009.05.31 11:07:01 | 14,045,4760 | ---- | M] () -- C:\Windows\MEMORY.DMP

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 512 bytes -> C:\Users\All Users\TEMP:05EE1EEF
    @Alternate Data Stream - 110 bytes -> C:\Users\All Users\TEMP:888AFB86
    @Alternate Data Stream - 105 bytes -> C:\Users\All Users\TEMP:C95B63DA
    < End of report >



    OTL Extras logfile created on: 29.6.2009 13:46:14 - Run 1
    OTL by OldTimer - Version 3.0.5.3 Folder = C:\Users\*käyttäjän nimi*\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

    2,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 98,84% Memory free
    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,63 Gb Total Space | 108,25 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
    Drive D: | 596,17 Gb Total Space | 545,22 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
    Drive E: | 348,89 Gb Total Space | 346,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
    Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KOTI-PC
    Current User Name: *käyttäjän nimi*
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    File not found -- Reg Error: Unknown registry data type

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Liven lataustyökalu
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
    "{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
    "{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
    "{2C99779B-99A9-CE50-C43F-A9F765E1FE23}" = ATI Catalyst Install Manager
    "{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A51E32B-2EAD-44A0-AC41-9B27025AD892}" = Windows Liven asennustyökalu
    "{4D917177-4E73-144B-EFFE-802EFF83D5B4}" = Catalyst Control Center InstallProxy
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89}" = Microsoft Works
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
    "{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79329446-9BBD-46CE-9D73-AD907BFEFBF4}" = Windows Live Messenger
    "{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
    "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-040B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Finnish) 2007
    "{90120000-0016-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Finnish) 2007
    "{90120000-0018-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-040B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Finnish) 2007
    "{90120000-001B-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-040B-0000-0000000FF1CE}" = Microsoft Office Proofing (Finnish) 2007
    "{90120000-006E-040B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Finnish) 2007
    "{90120000-006E-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-040B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Finnish) 2007
    "{90120000-00A1-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
    "{998152E5-B605-4BBB-9853-E749AEE02B21}" = Windows Liven kirjautumisavustaja
    "{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}" = Active Sky Advanced
    "{9C87F6BB-75E4-4F35-8353-F5E295264E98}" = Windows Live Call
    "{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
    "{AC76BA86-7AD7-1035-7B44-A81300000003}" = Adobe Reader 8.1.4 - Suomi
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
    "{D36165EF-5846-45A6-BD11-F581D183F312}" = LAGO FS Falcon FS2004 version 2.00
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
    "{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "763v2" = Level-D Simulations 767-300
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Airports of MeXico Center Edition for FS2004 by FlyMex" = Airports of MeXico Center Edition for FS2004 by FlyMex
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
    "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
    "FinnTerrain 1.8" = FinnTerrain 1.8
    "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
    "Fraps" = Fraps (remove only)
    "FSD Cheyenne LS 400 for FS 2004" = FSD gmax® Cheyenne 400 LSs\CurrentVersion\Uninstal
    "F-Secure Product 444" = F-Secure PC Protection Plus
    "GameSpy Arcade" = GameSpy Arcade
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
    "PIPER PA-28RT 201 ARROW IV FS2004" = PIPER PA-28RT 201 ARROW IV FS2004
    "ProPilkki2" = Pro Pilkki 2
    "PSS - Boeing 757 Pro. v1.3" = PSS - Boeing 757 Pro. v1.3
    "PunkBusterSvc" = PunkBuster Services
    "QcDrv" = Labtec® Camera -ohjain
    "REAL SKY PRO EDITION_is1" = FS9 Version
    "Rovaniemi 4.1" = Rovaniemi 4.1
    "SopCast" = SopCast 3.0.3
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "Ultimate Terrain - Europe" = Ultimate Terrain - Europe
    "WinLiveSuite_Wave3" = Windows Liven asennustyökalu
    "WinRAR archiver" = WinRAR-pakkausohjelma
    "VLC media player" = VLC media player 0.9.8a

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA
    "Carenado's C172N Skyhawk II FS2004" = Carenado's C172N Skyhawk II FS2004
    "RNZAF NH-90 tth Helicopter for FS2004" = RNZAF NH-90 tth Helicopter for FS2004
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25.6.2009 13:27:38 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 25.6.2009 13:29:53 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 25.6.2009 18:25:23 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 25.6.2009 18:25:23 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 26.6.2009 5:07:57 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 26.6.2009 5:07:59 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 26.6.2009 11:37:46 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 26.6.2009 11:37:52 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 26.6.2009 13:29:40 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 26.6.2009 13:29:49 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 9.2.2009 1:58:49 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9.2.2009 8:54:42 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
    Description =

    Error - 9.2.2009 8:56:25 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9.2.2009 11:32:45 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
    Description =

    Error - 9.2.2009 11:34:26 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 9.2.2009 13:48:33 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
    Description =

    Error - 9.2.2009 13:50:14 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 10.2.2009 12:05:04 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
    Description =

    Error - 10.2.2009 12:06:46 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11.2.2009 9:00:37 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
    Last edited: 16.07.2009
  18. Tooumas

    Tooumas Member

    Joined:
    18.02.2009
    Posts:
    55
    Thanks:
    0
    Points:
    16
    For some reason this got posted twice.
     
    Last edited: 29.06.2009
  19. Tooumas

    Tooumas Member

    Joined:
    18.02.2009
    Posts:
    55
    Thanks:
    0
    Points:
    16
    Is there anything harmful left in there?
     
  20. Tooumas

    Tooumas Member

    Joined:
    18.02.2009
    Posts:
    55
    Thanks:
    0
    Points:
    16
    Well, is there anything there? Here is the HJT log as well.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:41:32, on 29.6.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\PC Protection\Common\FSM32.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\PC Protection\FSGUI\fsguidll.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9996 bytes
     
  21. warwas

    warwas Guest

    Sorry this took so long.
    Nothing shows up there anymore; is it working properly? If it is, then do the following as well.

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    (Windows Vista: Start -> [type in the search box] Programs and Features and press Enter)

    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your old Java versions and choose Remove.

    4. Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to JRE 6 Update 14

    Press Download

    For Platform, select your operating system, Windows.

    Tick I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement.

    Press Continue.

    Under Windows Offline Installation, click jre-6u14-windows-i586-p.exe.

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure that both options are checked:

    • Applications and Applets

    • Trace and Log Files


    And press the OK button.
    Note: This removes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates automatically

    Select Never check

    11. Click Apply and OK to leave your Java settings window.

    -------------------------------------------------------------------

    Now let's remove the tools that were used

    Double-click OTL.exe to start OTListIt.
    Click the CleanUp button in the top right corner.
    Click YES/KYLLÄ when it asks for a restart.
     
