HJT log. Please check it quickly!

Discussion in 'Viruses and malware - HijackThis logs' started by tonikokko, Jan 30, 2009.

  1. tonikokko

    tonikokko Regular member

    Joined:
    Dec 9, 2008
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    26
    Here is an HJT log. Could you quickly check whether there is anything in the log that needs fixing, because the computer is slow. The only antivirus program on this computer is Norman and nothing else.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:20:58, on 30.1.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\nse\bin\NSESVC.EXE
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

    --
    End of file - 12217 bytes
     
    Last edited: Jan 30, 2009
  2. Hujo

    Hujo Guest

    Yes, it looks like F-Secure is on there too.

    Remove it via Add or Remove Programs:

    F-Secure Internet Security

    Delete the folder in Safe Mode:

    C:\Program Files\F-Secure Internet Security

    ===============

    Scan with HJT, check the following entries and press Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    ===============

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. When the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.

    ==========

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Select English from the drop-down menu to choose English as the language and click Select.
    * Click Remove Older Versions to remove the old Java versions from your computer.
    * Click Yes when prompted. When JavaRa has finished, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link.

    Download the new Java here

    Scroll down to Java Runtime Environment (JRE) 6 Update 11
    Press Download
    Set Platform to Windows
    Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are checked:
    * Applications and Applets
    * Trace and Log Files

    And press the OK button.
    Note: This deletes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.
    10. Update tab: untick Check for Updates automatically
    Select Never check
    11. Click Apply and OK to leave the Java settings window.

    =============

    Download CCleaner from here
    CCleaner v 2.14.750 - Standard Build, DO NOT install the Yahoo toolbar!
    During installation, remove the tick from "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the left-hand column.
    Select Settings from the column next to it.
    Under Language, select Suomi (Finnish).

    Puhdistaja (Cleaner)
    Select Puhdistaja from the left-hand column.
    Press Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.

    Fixing registry errors
    Select Rekisteri (Registry) from the left-hand column.
    Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    When the scan is finished and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "My Documents" folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    You will get one more confirmation prompt; press Ok.
    When the errors have been fixed, press Sulje (Close).
    You can now close CCleaner by pressing the red cross at the top right.
     
  3. tonikokko

    tonikokko Regular member

    I wasn't able to delete these from the F-Secure folder:
    fpshx.dll, FSLD32.dll, FSMA32.dll, and FSPMAPI.dll
    MBAM didn't find anything, because I scan with it a couple of times a week.

    The JavaRa log will come in the next message.
     
  4. tonikokko

    tonikokko Regular member

    JavaRa log:
    JavaRa 1.13 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Jan 30 21:51:00 2009

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_01

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

    ------------------------------------

    Finished reporting.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:52:32, on 30.1.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

    --
    End of file - 10610 bytes


     
  5. Hujo

    Hujo Guest

    Scan with HJT, tick this entry and press Fix checked:

    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"

    =============

    Copy and paste the text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it to your desktop
    as Poisto.bat.

    @echo off
    sc stop FSMA
    sc delete FSMA
    sc stop fshttps
    sc delete fshttps
    sc stop FSDFWD
    sc delete FSDFWD
    sc stop fsbwsys
    sc delete fsbwsys
    sc stop "F-Secure Gatekeeper Handler Starter"
    sc delete "F-Secure Gatekeeper Handler Starter"

    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

    Shut down and restart.

    ==========

    Scan a new HJT log.
     
    Last edited by a moderator: Jan 30, 2009
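The batch file above targets the five services that the HijackThis log lists with "(file missing)". As an added example (not part of the post and not HijackThis code), this Python sketch parses O23 lines and derives the same service names; the function names are hypothetical, and it assumes HijackThis prints `display name (service name)` and drops the parenthesis when both are identical, as the log lines suggest.

```python
import re
from typing import List, NamedTuple, Optional

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# O23 lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
"""


class Service(NamedTuple):
    display: str        # human-readable name
    name: str           # key name, the argument that `sc` expects
    company: str
    path: str
    file_missing: bool  # HijackThis could not find the binary on disk


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line type."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: the label may contain parentheses and commas,
    # while company and path are the last two " - " separated fields.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, company, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    # Assumption: the last parenthesised group of the label is the service
    # key name; without one, display name and key name are the same.
    m = re.fullmatch(r"(.+) \(([^()]+)\)", label)
    display, name = (m.group(1), m.group(2)) if m else (label, label)
    return Service(display, name, company, path, missing)


def orphaned_service_names(log_text: str) -> List[str]:
    """Key names of services whose executable no longer exists."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [s.name for s in parsed if s is not None and s.file_missing]


def sc_commands(names: List[str]) -> List[str]:
    """Build the stop/delete pairs for review; nothing is executed here."""
    commands = []
    for name in names:
        arg = f'"{name}"' if " " in name else name  # quote names with spaces
        commands += [f"sc stop {arg}", f"sc delete {arg}"]
    return commands


if __name__ == "__main__":
    for command in sc_commands(orphaned_service_names(SAMPLE_LOG)):
        print(command)
```

Note that the first entry resolves to the long key name, not `FSGKHS`, which is why the batch file quotes "F-Secure Gatekeeper Handler Starter".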
  6. tonikokko

    tonikokko Regular member

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:15:40, on 30.1.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Norman\Nse\bin\NSE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nse\bin\NSE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\NVCOA.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Norman\Nse\bin\NSE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

    --
    End of file - 9897 bytes
     
  7. Hujo

    Hujo Guest

    Download CCleaner from here
    CCleaner v 2.14.750.- Standard Build, do NOT install the Yahoo toolbar!
    During installation, untick the box "asenna Yahoo! toolbar/työkalupalkki" (install Yahoo! toolbar).
    After installation, open CCleaner.
    Select Options from the column on the left.
    Select Settings from the column next to it.
    Under Language, choose Suomi (Finnish).

    Puhdistaja (Cleaner)
    Select Puhdistaja from the column on the left.
    Press Tutki (Analyze) at the bottom.
    CCleaner now checks what can be removed (temp files, cookies etc.).
    When the analysis is finished, press Aja CCleaner (Run Cleaner).
    CCleaner now removes the temp files, cookies etc. that it found.

    Rekisterin virheiden korjaus (Fixing registry errors)
    Select Rekisteri (Registry) from the column on the left.
    Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    When the scan is finished and you are sure you want to fix the lines that are ticked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    You will be asked "haluatko varmuuskopioida muutokset rekisteriin" (do you want to back up the changes to the registry); press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    You will get one more confirmation prompt; press Ok.
    When the errors have been fixed, press Sulje (Close).
    You can now close CCleaner by pressing the red cross at the top right.

    ============

    Update before scanning.
     
    Last edited by a moderator: Jan 30, 2009
  8. tonikokko

    tonikokko Regular member

    I always update MBAM before scanning.
    Yeah, the CCleaner installation and that same procedure are already written up there, and I did it again now, so what do I do next?
     
    Last edited: Jan 30, 2009
  9. tonikokko

    tonikokko Regular member

    I just started a full scan in MBAM, so I'll post the report tomorrow. Good night.
     
  10. Hujo

    Hujo Guest

    Yep, that machine should manage fine by now.
    How it runs will tell.
     
  11. tonikokko

    tonikokko Regular member

    Malwarebytes' Anti-Malware 1.33
    Tietokantaversio: 1709
    Windows 5.1.2600 Service Pack 3

    31.1.2009 8:35:02
    mbam-log-2009-01-31 (08-35-02).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 202063
    Kulunut aika: 2 hour(s), 0 minute(s), 16 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 3

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\drivers\beep.sys (Trojan.Patched) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Trojan.Patched) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Local Settings\Temp\is-3T0K5.tmp\SoneraProd_2_1_64.tmp (Rogue.Netcom3) -> Quarantined and deleted successfully.
     
  12. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and restart
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the desktop shortcuts.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread together with a new HijackThis log.
     
  13. tonikokko

    tonikokko Regular member

    What does that SDFix do to the computer?
     
  14. Hujo

    Hujo Guest

    It looks for nasties and deletes them.
     
  15. tonikokko

    tonikokko Regular member

    OK, I'll run SDFix in Safe Mode soon. Roughly how long does its scan take when it looks for nasties and then deletes them?
     
  16. Hujo

    Hujo Guest

    20 min at most, Safe Mode and normal mode.
     
  17. tonikokko

    tonikokko Regular member

    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:14:38, on 31.1.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Program Files\Sonera\InternetAvustaja\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

    --
    End of file - 10095 bytes



    SDFix log


    SDFix: Version 1.240
    Run by Marjatta Kenttälä on la 31.01.2009 at 17:34

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-31 17:57:33
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
    "C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
    "C:\\nESTICLE\\nestc042\\NESTCL95.EXE"="C:\\nESTICLE\\nestc042\\NESTCL95.EXE:*:Enabled:NESTCL95"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\KEEN\\YnHub1031120\\YnHub.exe"="C:\\KEEN\\YnHub1031120\\YnHub.exe:*:Enabled:YnHub 1.031"
    "C:\\p2kdrivers\\YnHub1031120\\YnHub.exe"="C:\\p2kdrivers\\YnHub1031120\\YnHub.exe:*:Enabled:YnHub 1.031"
    "C:\\YnHub1033135\\YnHub.exe"="C:\\YnHub1033135\\YnHub.exe:*:Enabled:YnHub 1.033"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
    "C:\\Documents and Settings\\Marjatta Kenttälä\\Omat tiedostot\\utorrent-1.6.1-beta-build-483.exe"="C:\\Documents and Settings\\Marjatta Kenttälä\\Omat tiedostot\\utorrent-1.6.1-beta-build-483.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\DC++\\Downloads\\warcraft 3\\Warcraft III.exe"="C:\\Program Files\\DC++\\Downloads\\warcraft 3\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\Metsa-Softa\\Data\\bin\\mysqld-nt.exe"="C:\\Program Files\\Metsa-Softa\\Data\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
    "E:\\Pelit\\Age of Empires 2\\Age of empires 2\\empires2.exe"="E:\\Pelit\\Age of Empires 2\\Age of empires 2\\empires2.exe:*:Enabled:Age of Empires II"
    "C:\\Documents and Settings\\Marjatta Kenttälä\\Työpöytä\\winmx354beta4\\WinMX.exe"="C:\\Documents and Settings\\Marjatta Kenttälä\\Työpöytä\\winmx354beta4\\WinMX.exe:*:Enabled:WinMX Application"
    "E:\\Pelit\\Warcraft 3\\Warcraft III\\Warcraft III.exe"="E:\\Pelit\\Warcraft 3\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "E:\\Pelit\\Age of Empires 2\\Age of empires 2\\age2_x1.exe"="E:\\Pelit\\Age of Empires 2\\Age of empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "E:\\Pelit\\Heroes of Might and Magic III Complete\\Heroes3.exe"="E:\\Pelit\\Heroes of Might and Magic III Complete\\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "E:\\Pelit\\Worms Armageddon\\wormsarm\\WA.exe"="E:\\Pelit\\Worms Armageddon\\wormsarm\\WA.exe:*:Enabled:Worms Armageddon"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\3do\\eMule\\emule.exe"="C:\\Program Files\\3do\\eMule\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"="C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"="C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Tue 3 Jun 2008 1,485,978 ..SH. --- "C:\WINDOWS\system32\ihitpxap.tmp"
    Fri 2 Sep 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
    Fri 2 Sep 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
    Sat 20 Aug 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
    Fri 2 Sep 2005 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
    Sat 20 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 21 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\Marjatta Kenttälä\Omat tiedostot\~WRL3595.tmp"
    Tue 17 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 27 Jun 2005 7,470 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\Mar1B.tmp"
    Mon 27 Jun 2005 7,470 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\Mar1C.tmp"
    Mon 27 Jun 2005 7,470 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\Mar57.tmp"
    Mon 27 Jun 2005 7,470 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\Mar15F.tmp"
    Thu 7 Jul 2005 45,735 ...H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\msn17A9.tmp"
    Mon 27 Jun 2005 7,470 ...H. --- "C:\Documents and Settings\Marjatta Kenttälä\Local Settings\Temp\Mar1766.tmp"
    Fri 2 Feb 2007 630,689 ..SH. --- "C:\Documents and Settings\Marjatta Kenttälä\Työpöytä\kökkö\jopö\SIV4C2.tmp"
    Sat 13 Jan 2007 658,392 ..SH. --- "C:\Documents and Settings\Marjatta Kenttälä\Työpöytä\kökkö\pöö\SIV499.tmp"
    Sat 13 Jan 2007 621,043 ..SH. --- "C:\Documents and Settings\Marjatta Kenttälä\Työpöytä\kökkö\pöö\SIV4C4.tmp"
    Tue 8 May 2007 260,601 ..SH. --- "C:\Documents and Settings\Marjatta Kenttälä\Työpöytä\kökkö\möö\SIV143.tmp"
    Fri 7 Sep 2007 0 ..SH. --- "C:\Documents and Settings\Marjatta Kenttälä\Työpöytä\kökkö\möuuu\SIV23.tmp"
    Sat 13 Jan 2007 658,392 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\Mirja\kökkö\pöö\SIV499.tmp"
    Sat 13 Jan 2007 621,043 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\Mirja\kökkö\pöö\SIV4C4.tmp"
    Tue 8 May 2007 260,601 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\Mirja\kökkö\möö\SIV143.tmp"
    Fri 7 Sep 2007 0 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\Mirja\kökkö\möuuu\SIV23.tmp"
    Fri 2 Feb 2007 630,689 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Työpöytä\Mirja\kökkö\jopö\SIV4C2.tmp"
    Fri 28 Nov 2008 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\SupportSoft\Sonera\SYSTEM\data\BIT13.tmp"
    Fri 28 Nov 2008 0 A..H. --- "C:\Documents and Settings\Marjatta Kenttälä.MARJATTA-LL6CMI\Local Settings\Application Data\SupportSoft\sonera\Marjatta Kenttälä\data\BIT13.tmp"

    Finished!

     
  18. Hujo

    Hujo Guest

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Select Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is finished; if it does not, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
     
  19. tonikokko

    tonikokko Regular member

    Hmmm. Hujo, do you know what's wrong with my Mozilla Firefox, since it doesn't always let me download those files, e.g. that OTMoveIt? I'm downloading it with IE now. What does OTMoveIt do?
     
    Last edited: Jan 31, 2009
  20. Hujo

    Hujo Guest

    It removes those tools.

    Let's empty that restore too.


    1. Click Start > right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box ¤ Turn off System Restore on all drives
    9. Apply and OK
     