Hei! tiedostojen siirtoikkunat jäävät "jumiin" eikä niitä voi ottaa muuta kuin "lopettamalla koko prosessin" valintaa tehtävänhallinnasta. Missä lienee vika? Ja olis semmone ongelma ettei Hjackthis:kää mee enää päälle
. Pääsetkö vikasietotilaan ??? Käynnistä kone vikasietotilaan => OHJE Laita piilotiedostot näkyviin => OHJE Koita saada HJT logi täällä.
Kiitoksia kalminen! sain HJT-lokin hienosti! tässä se siis on: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:10:26, on 17.2.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\system32\wbem\unsecapp.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: D - {1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} - C:\Windows\system32\xwr59139.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - L:\pelit\pokerstars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - L:\pelit\Dragon.Age.Origins.SKIDROW\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE (file missing) O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 24919 bytes jep siinä oli vikasietotilassa ajettu HJT-loki. Löytyykö mitään? Kiitän ja kumarran etukäteen
. Pöpöjä on ainakin ollut !!! Lataa työpöydälle ja aja vikasiedossa => Lataa Malwarebytes' Anti-Malware työpöydällesi. Jos linkki ei toimi, voit ladata myös seuraavista linkeistä: Linkki1 Linkki2 * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. * Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta. * Jos päivitys löytyy, ohjelma lataa ja asentaa uusimman version. * Jos päivityksien lataaminen ei onnistu, voit ladata päivitykset TÄSTÄ. Tuplaklikkaa mbam-rules.exe asentaaksesi päivitykset. * Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista. * Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset. * Varmistu, että kaikki on merkitty ja klikkaa Poista valitut. * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt * Lähetä lokin sisältö seuraavassa viestissäsi.[/list] Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset. -------------------------------------------------------------------------- Normaalitilassa jos onnistuu => (jos ei, niin F 8 sitten) Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus Vistassa (7) Ohjelmat ja toiminnot Etsi ja poista ohjelma jonka nimessä on: kaikki => Norman ZANDA ---------------------------------------------------------------- Laita varmuudeksi Windowsin palomuuri päälle Ohjauspanelin => Windows palomuuri kuvakkeesta. *************************************************************** Poista ne rivit jotka ovat vielä jäljellä: Kun käynnistät HijackThis =(HJT) ohjelman tee se hiiren oikealla napilla ja valitset Suorita Järjestelmänvalvojana (HJT sammuttaa ohjelman ei poista) Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa) ja Scan ja ruksaa seuraavat punaisella listatut rivit sekä sammuta ne. (fix Chekked napista) O2 - BHO: D - {1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} - C:\Windows\system32\xwr59139.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll ---------------------------------------------------------------- Tyhjennä roskakori ja käynnistä koneesi uudelleen. Poista kansio/t, jos löytyy: C:\Program Files\Ask.com\ C:\Program Files\Norman\ Postita tänne seuraavat logit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * Kopioi Malwarebytes' Anti-Malwaren Logitiedostot välilehdeltä uusin logi tänne. * * Mikä on tilanne ??? *
Kiitoksia avusta! Sain kaikki muut tehtyä paitsi en millään pystynyt poistamaan tuota Normannia. Sitä ei löytynyt ohjauspaneelin ohjelmista eikä sen kansiota pystynyt poistamaan edes vikasietotilassa. windows sanoo vaan että tarvitaan käyttöoikeudet sen poistamiseen. Ja sitten tuota ensimmäistä kohtaa HJT-lokissa en enää löytänyt. Pistän nyt tuoreimman HJT-jaMBAM-lokin: HJT-loki: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:42:52, on 18.2.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Verkkopalvelu') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - L:\pelit\pokerstars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - L:\pelit\Dragon.Age.Origins.SKIDROW\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE (file missing) O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing) O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (file missing) O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Program Files\Norman\nse\bin\NSESVC.EXE (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE (file missing) O23 - Service: Norman Resource Provider (NVOY) - Unknown owner - C:\Program Files\Norman\npm\bin\nvoy.exe (file missing) O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Norman Scheduler Service (Scheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\scheduler.exe (file missing) O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 23483 bytes Ja sitten MBAM-loki: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Tietokantaversio: 5786 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19019 18.2.2011 6:22:27 mbam-log-2011-02-18 (06-22-27).txt Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|) Tarkistettuja kohteita: 455899 Kulunut aika: 1 tunti(a), 16 minuutti(a), 55 sekunti(a) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 7 Saastuneita rekisteriarvoja: 1 Saastuneita rekisterikohteita: 0 Saastuneita kansioita: 0 Saastuneita tiedostoja: 2 Saastuneita muistiprosesseja: (Ei haitallisia kohteita) Saastuneita muistimoduuleja: (Ei haitallisia kohteita) Saastuneita rekisteriavaimia: HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E89D0A4-257B-32E3-A46A-CEAD3CD4D805} (Trojan.BHO) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\w32id (Spyware.OnlineGames) -> Value: w32id -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: (Ei haitallisia kohteita) Saastuneita kansioita: (Ei haitallisia kohteita) Saastuneita tiedostoja: e:\pelit\ragdoll masters 3.0\ragdoll masters 3.0\Patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully. l:\ohjelmat\convertxtodvd 3.3.4.106e and keygen [1337x]\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. Siinä olis sitten. Kiittäisin taas paljon avusta
. - Lataa työpöydälle => Norman Uninstall Kopioi Delnvc5.exe => C:\Delnvc5.exe juureen. Paina Windowsnappi+ R kirjain ja kopioi Avaa: laatikkoon delnvc5 C:\Program Files\Norman ja OK Koneen uudelleen käynnistys. ----------------------------------------------------------- Jokohan seuraava onnistuisi Normitilassa => Lataa työpöydälle => TÄMÄ * Sulje kaikki päälläolevat ikkunat ja sovellukset. * Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n. * laita ruxit kuvanmukaan => * Klikkaa Run Scan nappulaa. * Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, tai alapalkkiin OTListIt.Txt ja Extras.txt * Kopioi ja lähetä tiedostojen sisältö tänne. - Onko koneella tapahtunut minkäänlaista edistystä ???
Joo tattista vaan sain ton normannin poistettua nytte. Ja tässä tulee OTL-loki ja Extras: OTL-loki: OTL logfile created on: 20.2.2011 20:00:46 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Omistaja\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 21,52 Gb Free Space | 12,37% Space Free | Partition Type: NTFS Drive E: | 45,22 Gb Total Space | 21,54 Gb Free Space | 47,64% Space Free | Partition Type: NTFS Drive L: | 232,88 Gb Total Space | 42,89 Gb Free Space | 18,42% Space Free | Partition Type: NTFS Computer Name: OMISTAJA-PC | User Name: Omistaja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.02.20 19:59:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Omistaja\Desktop\OTL.exe PRC - [2011.02.14 21:40:19 | 000,751,432 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe PRC - [2011.01.07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe PRC - [2011.01.07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe PRC - [2011.01.06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.01.06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010.12.26 15:26:25 | 003,788,800 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\UsbBoost\TurboHddUsb.exe PRC - [2010.12.05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe PRC - [2010.12.05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe PRC - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe PRC - [2010.10.22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe PRC - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009.12.17 11:23:54 | 001,962,648 | ---- | M] (SmartCom) -- C:\Program Files\Nokia\Nokia Internet Modem\Wellphone2.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.04.04 20:37:59 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2008.03.05 10:00:12 | 001,560,576 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe PRC - [2008.02.22 17:10:38 | 000,054,272 | ---- | M] () -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe PRC - [2008.01.19 09:33:19 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe PRC - [2007.11.03 10:05:39 | 000,069,120 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe PRC - [2001.11.12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.02.20 19:59:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Omistaja\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (Scheduler) SRV - File not found [On_Demand | Stopped] -- -- (nsesvc) SRV - File not found [Auto | Stopped] -- -- (NPROSECSVC) SRV - File not found [Auto | Stopped] -- -- (Norman ZANDA) SRV - File not found [On_Demand | Stopped] -- -- (Norman NJeeves) SRV - [2011.01.20 15:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2011.01.06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010.11.25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.09.22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- L:\pelit\Dragon.Age.Origins.SKIDROW\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2008.08.21 15:07:38 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008.02.22 17:10:38 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.06 09:36:34 | 000,352,768 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.11.03 10:05:39 | 000,069,120 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service) SRV - [2006.11.16 15:00:36 | 001,138,880 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe -- (SandraTheSrv) SRV - [2006.11.16 14:59:58 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe -- (SandraDataSrv) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 23:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2010.12.26 15:26:25 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH) DRV - [2010.12.26 15:26:25 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX) DRV - [2010.12.08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010.11.12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010.09.22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2010.09.13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010.09.07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010.09.07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2010.08.19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010.08.19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2010.08.19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2009.10.30 22:55:12 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.30 22:55:10 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.10.30 22:25:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.08.05 17:03:02 | 000,027,648 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nokiappo.sys -- (nokiappo) DRV - [2009.08.05 17:03:02 | 000,019,968 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nokiacpo.sys -- (nokiacpo) DRV - [2009.03.15 12:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2008.08.21 06:54:09 | 003,928,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.26 16:17:28 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2008.01.25 00:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008.01.25 00:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008.01.25 00:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008.01.25 00:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.01.19 07:49:39 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc) DRV - [2007.11.14 20:53:10 | 000,014,864 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.07.01 21:20:00 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.02\RivaTuner32.sys -- (RivaTuner32) DRV - [2007.07.01 21:20:00 | 000,004,224 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\NVStrap.sys -- (NVStrap) DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006.12.05 11:21:00 | 004,456,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.12.01 14:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.12.01 01:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.24 17:40:50 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.11.22 07:53:02 | 001,121,536 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006.11.17 20:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.09 17:07:56 | 000,020,384 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\sandra.sys -- (SANDRA) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.24 15:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2006.07.14 14:55:42 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm) DRV - [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus) DRV - [2006.05.11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2005.01.11 17:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B B4 95 2F 4E 86 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.12.28 14:58:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.01.12 21:43:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 07:17:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 07:17:32 | 000,000,000 | ---D | M] [2009.02.20 00:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Extensions [2011.02.20 19:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions [2010.08.03 19:01:41 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2009.07.16 15:52:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.03 18:59:08 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66} [2010.05.01 14:23:13 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.08.03 19:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Omistaja\AppData\Roaming\mozilla\Firefox\Profiles\jaso77km.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions [2009.10.30 22:35:49 | 000,002,399 | ---- | M] () -- C:\Users\Omistaja\AppData\Roaming\Mozilla\Firefox\Profiles\jaso77km.default\searchplugins\daemon-search.xml [2011.02.18 19:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007.05.29 22:36:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.19 09:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.25 01:44:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.02.07 20:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.12.28 14:58:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX [2011.01.12 21:43:09 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.10 18:54:36 | 000,002,062 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bookplus-fi.xml [2010.10.10 18:54:36 | 000,001,069 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons-fi.xml [2010.10.10 18:54:37 | 000,002,677 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\huuto-fi.xml [2010.10.10 18:54:37 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fi.xml [2010.10.10 18:54:37 | 000,001,100 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-fi.xml O1 HOSTS File: ([2010.04.30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2 - BHO: (Adobe PDF Reader -linkkiavustaja) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norman ZANDA] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.02\RivaTuner.exe () O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe (FNet Co., Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Nokia Internet Modem] C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe (SmartCom) O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - L:\pelit\pokerstars\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Omistaja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windowsin valokuvavalikoiman taustakuva.jpg O24 - Desktop BackupWallPaper: C:\Users\Omistaja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windowsin valokuvavalikoiman taustakuva.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4b745145-2647-11e0-9501-002127f4b7e2}\Shell - "" = AutoRun O33 - MountPoints2\{4b745145-2647-11e0-9501-002127f4b7e2}\Shell\AutoRun\command - "" = N:\application\Setup.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.20 19:58:58 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Omistaja\Desktop\OTL.exe [2011.02.20 19:38:34 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Program Files\Delnvc5.exe [2011.02.20 19:32:46 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Delnvc5.exe [2011.02.20 19:30:36 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Users\Omistaja\Desktop\Delnvc5.exe [2011.02.17 22:25:53 | 000,000,000 | ---D | C] -- C:\Users\Omistaja\AppData\Roaming\Malwarebytes [2011.02.17 22:25:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.17 22:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.17 22:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.17 22:25:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.17 22:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.02.17 18:00:08 | 000,000,000 | ---D | C] -- C:\Users\Omistaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.02.10 18:13:00 | 000,000,000 | ---D | C] -- C:\Users\Omistaja\Desktop\modpiiri [2011.02.09 19:19:42 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 19:19:39 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 19:19:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 19:19:19 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.09 19:19:19 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.09 19:19:19 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.02.09 19:19:18 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.09 19:19:18 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.09 19:19:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.09 19:19:17 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.09 19:19:17 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.09 19:19:17 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.09 19:19:17 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.09 19:19:17 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.09 19:19:16 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.09 19:19:15 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.09 19:19:15 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.09 19:19:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.09 19:19:14 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.09 19:19:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.09 19:19:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.09 19:19:13 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.09 19:19:13 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.09 19:19:13 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.09 19:19:13 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.09 19:19:10 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.09 19:19:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.09 19:19:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.02.09 19:18:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 19:18:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 19:18:12 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 19:18:12 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 19:18:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 19:18:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 19:18:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 19:18:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 19:18:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 19:18:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 19:18:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 19:18:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 19:18:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 19:18:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 19:18:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 19:18:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 19:18:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.09 19:18:02 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 19:18:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.07 20:40:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.02.07 20:40:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.02.07 20:40:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.29 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2011.01.22 18:55:07 | 000,000,000 | ---D | C] -- C:\Users\Omistaja\AppData\Local\SmartCom [2011.01.22 18:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure [2011.01.22 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SmartCom [2011.01.22 18:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia Internet Modem [2010.07.12 09:12:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Omistaja\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.20 20:03:58 | 005,242,880 | -HS- | M] () -- C:\Users\Omistaja\ntuser.dat [2011.02.20 20:03:35 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2C66A7F2-7C25-427A-88FE-4941E80DA044}.job [2011.02.20 19:59:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Omistaja\Desktop\OTL.exe [2011.02.20 19:48:42 | 001,233,094 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.02.20 19:48:42 | 000,599,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.20 19:48:42 | 000,447,480 | ---- | M] () -- C:\Windows\System32\perfh00B.dat [2011.02.20 19:48:42 | 000,106,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.20 19:48:42 | 000,087,588 | ---- | M] () -- C:\Windows\System32\perfc00B.dat [2011.02.20 19:44:25 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.02.20 19:42:04 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 19:42:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.02.20 19:42:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.20 19:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.20 19:41:54 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys [2011.02.20 19:40:56 | 000,524,288 | -HS- | M] () -- C:\Users\Omistaja\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.02.20 19:40:56 | 000,065,536 | -HS- | M] () -- C:\Users\Omistaja\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.02.20 19:40:55 | 003,626,300 | -H-- | M] () -- C:\Users\Omistaja\AppData\Local\IconCache.db [2011.02.20 19:31:14 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Users\Omistaja\Desktop\Delnvc5.exe [2011.02.20 19:31:14 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Program Files\Delnvc5.exe [2011.02.20 19:31:14 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Delnvc5.exe [2011.02.20 19:30:40 | 106,615,315 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.02.20 19:26:55 | 003,744,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.17 22:25:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.17 21:30:40 | 000,178,688 | ---- | M] () -- C:\Users\Omistaja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.17 21:17:14 | 000,000,000 | ---- | M] () -- C:\Users\Omistaja\AppData\Local\prvlcl.dat [2011.02.17 18:01:18 | 000,002,529 | ---- | M] () -- C:\Users\Omistaja\Desktop\HiJackThis.lnk [2011.02.14 18:27:45 | 000,392,326 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2011.02.09 23:50:58 | 000,012,695 | ---- | M] () -- C:\Users\Omistaja\Documents\tuomas ritoniemityöhakemus.docx [2011.02.09 23:01:37 | 000,029,696 | ---- | M] () -- C:\Users\Omistaja\Documents\Tuomas RitoniemiTyöhakemus.doc [2011.02.03 17:55:08 | 000,009,921 | ---- | M] () -- C:\Users\Omistaja\Documents\tuomas ritoniemityöhakemus.pdf [2011.01.29 15:30:31 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.01.27 12:58:23 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2011.01.22 18:55:19 | 000,000,564 | ---- | M] () -- C:\Users\Omistaja\AppData\Local\FSCache.dat [2011.01.22 18:53:09 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Asenna Sonera Tietoturva.lnk [2011.01.22 18:53:04 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Internet Modem.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.20 19:40:54 | 003,626,300 | -H-- | C] () -- C:\Users\Omistaja\AppData\Local\IconCache.db [2011.02.20 19:25:29 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys [2011.02.17 22:25:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.03 17:55:07 | 000,009,921 | ---- | C] () -- C:\Users\Omistaja\Documents\tuomas ritoniemityöhakemus.pdf [2011.01.22 18:55:19 | 000,000,564 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\FSCache.dat [2011.01.22 18:53:09 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Asenna Sonera Tietoturva.lnk [2011.01.22 18:53:04 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Internet Modem.lnk [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.10.11 19:12:45 | 000,000,000 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\prvlcl.dat [2010.07.12 09:19:04 | 000,001,057 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\vso_ts_preview.xml [2010.07.12 09:15:28 | 000,000,033 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\pcouffin.log [2010.07.12 09:12:26 | 000,087,608 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\inst.exe [2010.07.12 09:12:26 | 000,007,887 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\pcouffin.cat [2010.07.12 09:12:26 | 000,001,144 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\pcouffin.inf [2010.02.21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.10.30 22:55:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.30 22:55:10 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.10.20 16:42:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 16:41:53 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.05.10 20:51:05 | 049,064,803 | ---- | C] () -- C:\Program Files\PLvsZOD_KTB.7z [2009.05.10 16:37:53 | 000,070,160 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\GDIPFONTCACHEV1.DAT [2009.05.09 17:50:57 | 000,000,839 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\RT73_{86252DF3-6785-4509-9A5E-FFC2E8E9A81A}_sta [2009.05.09 17:50:27 | 000,000,835 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\RT73_{86252DF3-6785-4509-9A5E-FFC2E8E9A81A}_prof [2009.04.19 17:35:04 | 000,126,976 | ---- | C] () -- C:\Windows\gdf.dll [2009.04.15 18:16:08 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2009.04.15 18:14:09 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2009.04.15 18:14:09 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2009.04.15 18:14:09 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2009.04.15 18:14:09 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2009.04.15 18:14:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2009.01.15 17:29:49 | 000,000,398 | ---- | C] () -- C:\Windows\ODBC.INI [2008.10.30 17:07:52 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.10.30 17:07:51 | 000,022,328 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\PnkBstrK.sys [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.12 14:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.06.10 20:25:06 | 000,002,032 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\d3d9caps.dat [2008.06.05 20:28:32 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.05.23 16:07:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.01.18 17:22:39 | 000,053,066 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\NMM-MetaData.db [2008.01.14 16:51:07 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini [2008.01.04 11:24:30 | 000,000,096 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\fusioncache.dat [2007.10.15 09:32:04 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.08.11 21:33:26 | 000,004,224 | ---- | C] () -- C:\Windows\System32\drivers\NVStrap.sys [2007.07.29 22:31:43 | 000,020,204 | ---- | C] () -- C:\Users\Omistaja\AppData\Roaming\UserTile.png [2007.06.09 21:58:28 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2007.05.29 21:17:28 | 000,178,688 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.05.22 15:28:18 | 000,105,536 | ---- | C] () -- C:\Users\Omistaja\AppData\Local\GDIPFONTCACHEV1.DAT [2007.05.18 03:52:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2007.01.30 21:12:16 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2006.11.02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,233,094 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 12:23:31 | 000,000,414 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2006.08.11 19:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2003.09.09 06:30:32 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011.02.14 22:34:46 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\AVG [2010.12.07 20:24:21 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\AVG10 [2008.10.09 16:25:00 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\Bioshock [2008.09.16 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\BSplayer [2010.05.08 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\BSplayer Pro [2009.10.30 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\DAEMON Tools Lite [2009.05.22 07:19:17 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\FOG Downloader [2011.01.04 16:34:42 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\foobar2000 [2008.11.23 18:30:39 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\Leadertech [2008.04.22 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\LimeWire [2008.01.18 17:22:39 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\Nokia [2007.05.30 07:29:45 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\Opera [2008.07.20 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\PC Suite [2009.03.28 11:10:31 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\PeerNetworking [2008.09.09 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\SPORE [2008.10.28 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\SystemRequirementsLab [2011.02.18 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\uTorrent [2010.05.02 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\VistaCodecs [2010.07.12 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Omistaja\AppData\Roaming\Vso [2011.02.20 19:41:07 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.20 20:03:35 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C66A7F2-7C25-427A-88FE-4941E80DA044}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > Extras: OTL Extras logfile created on: 20.2.2011 20:00:46 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Omistaja\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 21,52 Gb Free Space | 12,37% Space Free | Partition Type: NTFS Drive E: | 45,22 Gb Total Space | 21,54 Gb Free Space | 47,64% Space Free | Partition Type: NTFS Drive L: | 232,88 Gb Total Space | 42,89 Gb Free Space | 18,42% Space Free | Partition Type: NTFS Computer Name: OMISTAJA-PC | User Name: Omistaja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{065A85D7-2450-4825-AC1E-561CF5FA3A14}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1346C13A-3E12-4D1E-A486-81466B1328BA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{146BDB74-0D00-4713-BDEF-4CF62568DF1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1986C60D-9F8A-46E4-B41B-15897EE27BCC}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{1F94B5EE-85D5-4EC0-87D0-C21753708300}" = rport=445 | protocol=6 | dir=out | app=system | "{1FBCC041-0363-4EDE-BE6E-9558E77A5AF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2121DCC7-D701-471D-94D9-97C319A2BB20}" = lport=18665 | protocol=6 | dir=in | name=bitcomet 18665 tcp | "{21FF7086-720D-41DC-B01F-1CEDC3924723}" = lport=139 | protocol=6 | dir=in | app=system | "{297E0D40-3B79-455D-9A59-9983B73A09FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{29A147CA-50E6-49CE-B738-092C73BDDBE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2AA9F464-9553-4878-B50A-6B09588CA9A0}" = lport=18665 | protocol=17 | dir=in | name=bitcomet 18665 udp | "{2CFEBABD-7883-4219-937D-DFB1E1BEE70D}" = lport=10243 | protocol=6 | dir=in | app=system | "{36FB76B3-1A64-480C-B021-1947F9DB7205}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{37C00FDE-0B77-4E42-8BA0-9A9B860DBA6D}" = lport=138 | protocol=17 | dir=in | app=system | "{3AE70D46-9EC0-40ED-AB42-41162C3E8DB7}" = rport=138 | protocol=17 | dir=out | app=system | "{4475E20C-66DE-4723-B7C5-8CC4D4E8CD04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4ED14122-808A-4DE5-B1F8-9D632AB95F81}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{55FBE067-C234-4545-A51E-44B91D433429}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{666E956E-F7F3-48F6-B104-8602001356A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6A7C9F48-FFDE-44ED-9AEF-F9C86D24C51C}" = rport=137 | protocol=17 | dir=out | app=system | "{74D48586-7CC7-44EF-ADFC-45F093413CB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{75D7DFEE-A190-415E-943F-22FE0F1B646E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7FD6060D-3083-4AE1-8CD7-3B310325FB87}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81744921-DB04-4F11-81E7-F0729C7EEED1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{85AAA289-EA86-4820-AEC0-7E283EF1984E}" = lport=137 | protocol=17 | dir=in | app=system | "{886E2678-7B3B-4E0B-914E-275A57D6D723}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{887B6F80-23F4-4A42-BFA8-1F7FC02AECB8}" = lport=2869 | protocol=6 | dir=in | app=system | "{8AD1051B-BA2A-4272-9B38-6A2956D9195F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FC086AC-A0C8-47DB-9571-4E0F5F80D586}" = lport=2869 | protocol=6 | dir=in | app=system | "{95BA5E33-D13A-4FB1-804A-016B479E133D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{9A0DEAC9-F948-4001-A400-851D5EFD4124}" = lport=445 | protocol=6 | dir=in | app=system | "{9DCAABF4-3FA0-4F0F-AFAD-DE6FBEB37501}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{A60D5E17-4086-4A60-BDBF-2F1548C48759}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A8914A94-71D2-485A-A01C-CC7EEF23BB96}" = rport=10243 | protocol=6 | dir=out | app=system | "{B24F4814-FC35-467E-BD48-331CC398E8D2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B6DA5452-F28F-4470-9D57-8C1C90F631A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BA75F9CA-5267-44CF-B335-BA865F3A0D55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BC089F0C-E0B9-47BA-B714-CA8300B5333B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C3EA828F-086B-4BB9-9555-D9A100C4FF6D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D3B2B6C6-918F-4378-BF10-582FBBDA7AE3}" = rport=2869 | protocol=6 | dir=out | app=system | "{DC6E53BF-8F7B-4796-9F49-96615BFF891C}" = rport=139 | protocol=6 | dir=out | app=system | "{EE5DE952-B372-481F-B638-CD647EC5DABC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5F994B6-7128-4370-8C2B-682D7502D907}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{F9E9D563-88FF-4CDB-BD09-D4746475D93B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{FBC9776A-7AD6-44B8-A7ED-D5D8174C7F06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBF500AA-8028-4CED-9FB8-58B5A4AFB3E7}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CE2F88-95ED-44D6-9D59-8EA899A83084}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{017B1362-0917-45D4-B084-27BAABE4BBED}" = protocol=58 | dir=in | app=system | "{01A07846-297C-44D3-8F55-3F4201BBEEBF}" = protocol=58 | dir=out | app=system | "{05500CBF-B904-42B8-85AF-0A552524F3C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0744C541-FFBC-4418-801E-F97FBAC44F53}" = protocol=58 | dir=out | app=system | "{0DF1A7B6-7909-4470-AA0E-3755C81EF9B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{0DFA09F0-85C8-4EF1-B147-0304B43CE619}" = protocol=58 | dir=out | app=system | "{0E8962BF-E14F-4043-A2DF-F8B77740ABD5}" = protocol=58 | dir=out | app=system | "{0EAA04F4-E6F3-49DA-A23E-1897E34AADA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{123C8A83-FD8D-4B0E-A2C9-81DAD90DF927}" = protocol=58 | dir=out | app=system | "{1448E542-2598-42D9-857E-169B16D2AF3B}" = protocol=58 | dir=out | app=system | "{1655D42A-96E9-4B6E-B20F-C48DCBD082E8}" = protocol=58 | dir=out | app=system | "{18D72615-2468-407C-A239-20E5504DBB5B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{1B85584C-D825-44E0-A333-D990342E2BB5}" = protocol=6 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\bin_ship\daorigins.exe | "{1DABE361-1FDD-43E5-A07C-19327AF41E72}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe | "{1E088FBA-2B6B-4BBD-8016-18F8C6486919}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{21C4CCE7-E46F-400F-84E2-757A4E70E730}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{24F2280A-E659-4DA0-8BD9-64ABB544C2D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{2623E9DD-8C3B-4BBD-A2A2-DB8FDEA94BB4}" = protocol=58 | dir=out | app=system | "{2673125C-18A8-4C67-BA85-32D19C441802}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{27880924-F1BE-4CA5-87EC-FBD03E3688B9}" = protocol=58 | dir=out | app=system | "{29F20CC6-6A23-4F89-8F0A-EFF14400E02C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2ADD149C-4621-4709-A248-045DF6CE1654}" = protocol=58 | dir=out | app=system | "{2B4401CA-9C85-4DAC-907B-0EC501AF7257}" = protocol=58 | dir=out | app=system | "{2BEC0E5D-6768-462F-824D-43255ADD7830}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2C223C7E-EDD0-47DC-8FF4-69828DB86B9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{2CF7136E-4978-4066-996E-543B737FE9AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{30E8D8EA-795C-4D02-9F73-0C9B042C7C5A}" = protocol=58 | dir=out | app=system | "{33047975-EF56-457F-9CBA-C92EDE725E54}" = protocol=17 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\bin_ship\daupdatersvc.service.exe | "{338D0A33-0CAD-4346-B3D6-47522D42ABE3}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\rpcsandrasrv.exe | "{3589D238-362D-4925-8D0F-E7BE41E77F10}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{35AFFC7B-5AB1-42F3-A036-DE186E7CF6DB}" = protocol=58 | dir=out | app=system | "{37478F59-B4F3-48C6-B139-106C06DAB9C8}" = protocol=58 | dir=out | app=system | "{37F4CD45-845B-4A3C-B0B3-8EB9BC67E060}" = protocol=58 | dir=out | app=system | "{38F4DBCC-2D78-494C-B20C-3E799AF9982B}" = protocol=58 | dir=out | app=system | "{38FDEACD-DA2C-4FF2-B8BD-DC23B2A885ED}" = protocol=58 | dir=out | app=system | "{3F38E9AB-B870-4F58-A441-6E7037682898}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3F4DE8F8-42C9-407D-B38D-10BFD1DD9742}" = protocol=58 | dir=out | app=system | "{3F5F66E6-5BF4-499E-9A3C-19F21E366CBD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{3FF2B222-3A08-40BA-914B-F4014918948B}" = protocol=58 | dir=out | app=system | "{3FFAF0B3-29D4-429B-B560-37FBBD859D25}" = protocol=58 | dir=out | app=system | "{42557416-80BD-4983-A6F1-2C0830C5E48F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{43B17375-BE83-488F-8043-1C1FF671CE9D}" = protocol=17 | dir=in | app=l:\pelit\mass.effect.proper-reloaded\mass effect\binaries\masseffect.exe | "{4446BE39-CC37-4320-B3AF-BA0BBB993D3F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{44EF429A-3B07-49D6-827E-6A35B33DDE75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{45D9240B-19EF-4B67-9EE1-3A76D710F153}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{4831BDF9-6C2D-497A-BF94-BC24B9542018}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | "{48408F1F-4AFF-4B6E-B974-8EBAEABAC872}" = protocol=58 | dir=out | app=system | "{4A9CB34A-D2AC-4A24-AF6F-ADCE7DC5059E}" = protocol=58 | dir=out | app=system | "{4D4C94B7-F35A-44E9-BEBF-E7AE988C467E}" = protocol=58 | dir=out | app=system | "{4E1993D8-029F-47E3-8095-6968FFA412A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{5B44C2F7-45CA-4DCF-885E-6DD95F4B987B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{5BD1D6FF-7D5B-466F-843A-DBE21FC88513}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{5BEF7054-2F14-45BF-9B5A-6F0E736903BD}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\rpcsandrasrv.exe | "{5D3763A0-E0CE-408B-9A2A-B0CA38C7AA72}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\rpcsandrasrv.exe | "{5E535FAB-BDD8-43E1-BE96-36CA7BCECDF5}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{6109B143-51F7-4D1B-B34C-075F72F80775}" = protocol=6 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\bin_ship\daupdatersvc.service.exe | "{630D129E-C715-41B7-B835-8AA56602873B}" = protocol=58 | dir=out | app=system | "{634BAC4D-8B00-49D3-810D-394E6F56A437}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{64FF6645-510D-4216-81AF-793012A59FDC}" = protocol=58 | dir=out | app=system | "{691851D9-58D8-486D-9389-247575E6A4DD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{6A8A9736-2132-43C9-9A23-4ECB3C79527D}" = protocol=17 | dir=in | app=c:\program files\winrar\winrar.exe | "{6B9E6E1D-D287-4AC9-8030-0F4952B18AE9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{6C69C606-2248-46D6-803B-C4F488648247}" = protocol=6 | dir=in | app=l:\pelit\sf4\streetfighteriv.exe | "{6E09671A-0895-418F-9895-499777C0BCB4}" = protocol=6 | dir=in | app=l:\pelit\mass.effect.proper-reloaded\mass effect\binaries\masseffect.exe | "{6E8669DC-7F3A-4597-B602-7B2C2EF31CD0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{709D77AC-B30C-4789-A73C-EE1303461315}" = protocol=6 | dir=in | app=c:\program files\winrar\winrar.exe | "{7146FE57-5437-4FA5-AD91-3A6BA2F3CF65}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{73A70C82-0B52-4BC3-99E2-D3964941CA13}" = protocol=6 | dir=in | app=l:\pelit\mass.effect.proper-reloaded\mass effect\masseffectlauncher.exe | "{74F0D062-B4EB-4B99-B4DC-5F0E72710034}" = protocol=58 | dir=out | app=system | "{78F6CB9A-B6B8-4920-BBDD-F5E2824EE868}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{79541E9A-FE84-4BEF-84F2-219F4B7ED8D5}" = protocol=17 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\bin_ship\daorigins.exe | "{7981D937-0ECA-4DBE-9152-3876688EE052}" = protocol=58 | dir=out | app=system | "{7C65C834-AD2B-43CD-96DF-C19199BBB0BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7C85657D-A9C6-4E29-85F8-4674CE88A34F}" = protocol=58 | dir=out | app=system | "{7E27ABEB-B022-4DAC-8F7A-45DC79B8FA3A}" = protocol=6 | dir=in | app=c:\pacsteamt\steamapps\common\the maw\themaw.exe | "{850AC5C0-0FA4-43A8-AD39-325770394829}" = protocol=58 | dir=out | app=system | "{8510EABA-1CAE-4467-AF90-2CEDD1794402}" = protocol=58 | dir=out | app=system | "{85A6BEB0-D147-45D7-870A-FE4D61266D0E}" = protocol=58 | dir=out | app=system | "{868F27DD-2718-40A9-83C0-214011B75CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{86A76036-972E-45A4-BEE1-8A63DB09B0F0}" = protocol=58 | dir=out | app=system | "{876DC686-5426-4D24-BF37-34455E6A41A8}" = protocol=58 | dir=out | app=system | "{8B378CE3-A66E-4EBE-8F9F-31C44CB4E3DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{902CD131-355D-4729-8CB7-06C8603713D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9210570F-9BB3-4659-9E9F-1E4CF6A832D2}" = protocol=58 | dir=out | app=system | "{9248E0BE-24B7-48E5-B9A3-4F7EE61D942D}" = protocol=6 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\daoriginslauncher.exe | "{92E3A29A-DD1A-4856-AC6B-4B03F808094F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{92F9DC0F-E859-4F0E-ACBD-10C1AF86E456}" = protocol=58 | dir=out | app=system | "{93A00167-E804-4BAC-95CD-1A978881396F}" = protocol=58 | dir=out | app=system | "{95B8176C-B94A-4A91-BADE-4DAF4406F482}" = protocol=58 | dir=out | app=system | "{96A5A501-4100-4B03-8F72-7FF90C407326}" = protocol=58 | dir=out | app=system | "{98B361FF-00CB-4BE2-9C8D-C05C3AB0A6CF}" = protocol=58 | dir=out | app=system | "{98FA4001-8400-4AC7-B283-D59F4C7CF3FC}" = protocol=58 | dir=out | app=system | "{9C21DD3B-C7E3-4BE4-9993-E542D3D92C0D}" = protocol=58 | dir=out | app=system | "{9D4CB69A-E93A-4EEA-BE82-D3F418DB5692}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | "{9DF59569-AA4B-4AA8-948B-4C0D28C608F3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{A2602734-8DA3-4D66-9AC1-0A7C3FB1C514}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A38A6F50-BCA9-4D57-8850-E8388ED4BFF7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A4BE27C0-3937-472B-ACA5-4A732C55FCAC}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\rpcsandrasrv.exe | "{A5EC6395-07A5-4AF0-A376-1E31A867D8CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A675DF1B-30BF-4AFA-B8E8-00FD966FB079}" = protocol=58 | dir=out | app=system | "{A8CBC86E-655A-41DD-87B2-4CB1F26BED55}" = protocol=58 | dir=out | app=system | "{A8FF79A7-E6C0-49D7-BCD5-C0830F2DB02C}" = protocol=58 | dir=out | app=system | "{A9C653F7-E034-4D92-BCFC-5641F5D8183F}" = protocol=17 | dir=in | app=l:\pelit\mass.effect.proper-reloaded\mass effect\masseffectlauncher.exe | "{AA11D827-5F86-43FB-B990-DD67EB507BD8}" = protocol=58 | dir=out | app=system | "{AD97E4AD-F44C-4DBA-A198-923EEA9CF53A}" = protocol=58 | dir=out | app=system | "{AF3C73B9-31A0-4E3F-8903-7812339CA26B}" = protocol=58 | dir=out | app=system | "{B0A57AFD-BAAA-4C62-B761-CC0BC6C5C518}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{B0B11071-5083-4304-A60D-D841E14E228A}" = protocol=58 | dir=out | app=system | "{B2B94B30-0E8C-4872-AE4B-7D62BCAA4837}" = protocol=17 | dir=in | app=l:\pelit\sf4\streetfighteriv.exe | "{B3463B2F-4B6B-43B6-A909-324485B81F59}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | "{B3BCE403-748B-4EA8-AA88-DC5BC74FA465}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B3C01C70-8A58-4C30-804F-8E2F62AC407C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B414AA76-4A08-44F5-8178-B4655A824250}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B60447F3-E7AF-415E-BCA6-02C2732CB3BA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-engb-downloader.exe | "{B6956DB4-5714-4D07-91E8-D1893C20FA5E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{B6BB78AC-11F9-40E3-8321-62C5EE6EF285}" = protocol=58 | dir=out | app=system | "{BA2257E0-FB75-46C3-9D13-D6E67337DBA9}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{BAA69210-E71F-4641-82DD-066487B439DE}" = protocol=58 | dir=out | app=system | "{BCAF79F2-7906-4D24-8D22-4DF7724CA583}" = protocol=58 | dir=out | app=system | "{C0850EAA-875C-4F90-A430-D26DE1706545}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C3C7511C-FA79-4283-AED1-5103DBB731D0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C4D901B9-8B0E-4212-894E-72705A2CB402}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\win32\rpcdatasrv.exe | "{C579EA86-9720-4966-9780-21C4C98BD21D}" = protocol=58 | dir=out | app=system | "{C73E1F06-1E2B-4471-82EB-DE4A76E61210}" = protocol=6 | dir=in | app=l:\pelit\runes of magic\runes of magic\runes of magic.exe | "{C76E6E14-F9C6-4D79-B0E2-AE0A46B9026C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{C82F165E-61B2-43EE-8E08-3D2493305F9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA672152-1304-4C2F-B303-DDE0EF8DE791}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{CC156226-DB85-406D-A323-5DC684F3C6F0}" = protocol=58 | dir=out | app=system | "{CDA2ABC3-7FC1-466C-A702-8D9EC7876B04}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{D4ED7DFF-0E0D-43DE-87CB-E924B61D1EFC}" = protocol=58 | dir=out | app=system | "{D5F2A47F-C450-4ABA-B169-2BD18059596A}" = protocol=58 | dir=out | app=system | "{D804775E-3698-418D-AB8B-C93845C49AEA}" = protocol=6 | dir=out | app=system | "{D815B66C-D9AF-4B41-ADCA-99690F9FED1D}" = protocol=58 | dir=out | app=system | "{DAB747E5-6226-4253-98CD-B3A397B9F804}" = protocol=58 | dir=out | app=system | "{DD7E9DAA-44BE-4706-89FE-F0C6357D9DCC}" = protocol=58 | dir=out | app=system | "{DDE60BDE-CA21-4CAD-B0F2-63ADBE3EF954}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DECFCB7F-BE9D-48F3-A878-005AB9AE0DF6}" = protocol=58 | dir=out | app=system | "{DF2F0679-4822-4A8A-A7C4-31F1B274E6DA}" = protocol=58 | dir=out | app=system | "{E1303A7D-744D-42ED-8271-52F0706145DF}" = protocol=58 | dir=in | app=system | "{E1F90884-92F1-49E9-B75D-441C130F3848}" = protocol=58 | dir=out | app=system | "{E3E754EE-0312-4243-8710-A475335DCBC1}" = protocol=17 | dir=in | app=l:\pelit\runes of magic\runes of magic\runes of magic.exe | "{E601484A-E9AE-4034-9203-E760901F2CFE}" = protocol=58 | dir=out | app=system | "{E640992F-CF97-4DC8-B803-21D52E3B5471}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi\win32\rpcdatasrv.exe | "{E64F06BC-DD4F-4242-BF4B-E0BBA07A4F39}" = protocol=58 | dir=out | app=system | "{EB9E44BF-0E64-47A3-88DC-ABD3B0EFB73B}" = protocol=58 | dir=out | app=system | "{EC60D96A-5AB1-4555-A21A-826014D0460C}" = protocol=58 | dir=out | app=system | "{EE68EFD5-2B67-4692-A87A-F4CA034207A8}" = protocol=58 | dir=out | app=system | "{F418AFB5-E159-4064-B43C-43BFC57AEA67}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F5DE4666-D14F-433E-BEFD-BE3837E33768}" = protocol=58 | dir=out | app=system | "{F7D4D6B3-E866-4FEE-8A16-AFFFD94AD296}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{F9BE7730-B895-4E6F-B62E-E07984183920}" = protocol=17 | dir=in | app=c:\pacsteamt\steamapps\common\the maw\themaw.exe | "{FA387241-EEAB-4011-A5A2-F0735E1F1073}" = protocol=58 | dir=out | app=system | "{FA492D3F-5447-47FB-99BE-5442A7881656}" = protocol=58 | dir=out | app=system | "{FB45F532-485B-493D-8EF4-8E3E15BACB9A}" = protocol=58 | dir=out | app=system | "{FC085355-379D-4CD7-B638-E49880DD6784}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{FE17A99C-C2A9-4BA3-B2D5-A53FF592A263}" = protocol=17 | dir=in | app=l:\pelit\dragon.age.origins.skidrow\dragon age\daoriginslauncher.exe | "{FF9256B1-615B-468D-925D-3C9689F7E32F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{05C928C5-B0BF-4D93-B365-FAD2ED9760D2}C:\ac web ultimate repack\ascent\ascent-logonserver.exe" = protocol=6 | dir=in | app=c:\ac web ultimate repack\ascent\ascent-logonserver.exe | "TCP Query User{0B991896-8F01-46D7-A935-58F9C3169CDC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{14141918-4C90-4ED8-B36A-BC7A217239F9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{158AE979-D6FF-44D3-96D0-F01F9B2038DE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe | "TCP Query User{20CE8F0B-3314-4B0B-A27E-3E93B8B859F6}C:\program files\steam\steamapps\ko5\dedicated server\hlds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ko5\dedicated server\hlds.exe | "TCP Query User{280FC0BB-A317-4C82-B021-8C0AA116D4D8}L:\pelit\warhammer_40000_dawn_of_war_ii_chaos_rising-razor1911\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=6 | dir=in | app=l:\pelit\warhammer_40000_dawn_of_war_ii_chaos_rising-razor1911\warhammer 40000 dawn of war ii - chaos rising\dow2.exe | "TCP Query User{2D5C4C8A-660D-43B2-AC53-ACBB4BF88A4F}C:\program files\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\half-life 2\hl2.exe | "TCP Query User{437EAAF4-1BB7-4944-B63B-735E6CBE3E12}L:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=l:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{45F072CE-4F5A-40D9-8673-628A42D7A474}L:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=l:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{4F85439A-2848-4E74-A1C5-166D23F04C91}C:\ac web ultimate repack\ascent\ascent-world.exe" = protocol=6 | dir=in | app=c:\ac web ultimate repack\ascent\ascent-world.exe | "TCP Query User{501ACEDD-8086-4E2A-A888-1A42416DC015}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{51F90535-8CAC-450F-A05C-AB6600263EDD}E:\pelit\pokémon blue, red, yellow, silver, gold, crystal, sapphire, ruby, leaf green, fire red + gba-emulator\visualboyadvance.exe" = protocol=6 | dir=in | app=e:\pelit\pokémon blue, red, yellow, silver, gold, crystal, sapphire, ruby, leaf green, fire red + gba-emulator\visualboyadvance.exe | "TCP Query User{61D815D6-6C7E-4B4F-BDD3-4E362CFCD946}C:\program files\g-steam\steamapps\ko5\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\g-steam\steamapps\ko5\day of defeat source\hl2.exe | "TCP Query User{82EE99A4-7F21-472B-8797-97556626B85D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{881656B0-5E8B-4D15-A318-18CF0A31942B}C:\program files\steam\steamapps\ko5\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ko5\condition zero\hl.exe | "TCP Query User{8A5B6222-3502-4D20-8B9A-B60FFADB3536}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "TCP Query User{91CF8B00-C8B5-4D77-926A-CCA436F593AC}L:\pelit\left for dead\left4dead.exe" = protocol=6 | dir=in | app=l:\pelit\left for dead\left4dead.exe | "TCP Query User{9659D985-ED6C-4854-9904-94E768187580}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe | "TCP Query User{98F3C2C9-4D8E-4A33-8440-C12C4886D75B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe | "TCP Query User{9DA6BB5E-352D-4E1B-85A1-123263C5631C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{A8A6DBA8-7018-4B4D-9658-58CE0E4A239A}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "TCP Query User{B228E0AA-BB8A-4E6D-84C5-4F72DBDDCCFA}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe | "TCP Query User{B8DFE24F-049B-4EFE-A6A2-A5F890F5924E}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe | "TCP Query User{BD50B5FB-AC70-4164-87F9-1E2D778D934D}C:\users\omistaja\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\omistaja\program files\utorrent\utorrent.exe | "TCP Query User{BD890C11-1656-4779-A1B9-AD2B891B55DB}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe | "TCP Query User{BEAF68F5-4493-4966-A931-12E3FF359AC4}L:\pelit\pc_gears.of.war -eng+full -.direct.play.-toed\g.o.w (toed) ...use 7zip only (extract to...)\gears of war\binaries\wargame-g4wlive.exe" = protocol=6 | dir=in | app=l:\pelit\pc_gears.of.war -eng+full -.direct.play.-toed\g.o.w (toed) ...use 7zip only (extract to...)\gears of war\binaries\wargame-g4wlive.exe | "TCP Query User{C6DF8CA5-4BD6-413D-BA2C-8DAAF3E40B4D}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{CEDDE022-9472-4D52-B226-774AA5BA4D7F}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe | "TCP Query User{D277EFE3-B7E8-438E-901D-F2ACBA6AD9DF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{D7BFDC81-2EBF-466C-870C-77EBCCFD4961}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DD9697CF-7E94-4227-856E-A74B172E4A3C}C:\program files\steam\steamapps\ko5\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ko5\counter-strike\hl.exe | "TCP Query User{E0F375C0-8BD4-4069-B367-E7F387A1B489}C:\ac web ultimate repack\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\ac web ultimate repack\server\apache\bin\apache.exe | "TCP Query User{EC3CDA31-6B52-471E-A299-F2C042987659}C:\program files\steam\steamapps\ko5\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ko5\counter-strike\hl.exe | "TCP Query User{F23A4167-4769-4945-AB7B-1357ABAC8CFE}C:\ac web ultimate repack\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\ac web ultimate repack\server\mysql\bin\mysqld.exe | "UDP Query User{084891A9-4DC9-4D4B-A306-E26CBB5AF99C}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "UDP Query User{0B878626-0609-40AA-BD6B-C7AB4E2776CB}C:\ac web ultimate repack\ascent\ascent-world.exe" = protocol=17 | dir=in | app=c:\ac web ultimate repack\ascent\ascent-world.exe | "UDP Query User{0E571C5F-F13C-455D-A2C4-FF0BB4407581}L:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=l:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{12CC3AD0-5BBC-414E-80EE-8AA21A5DFCCB}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe | "UDP Query User{1570DFB5-B973-4897-A4A3-BCA34A370245}C:\users\omistaja\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\omistaja\program files\utorrent\utorrent.exe | "UDP Query User{17D97240-CC98-4431-8811-0A1386C60E1B}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{197DF5AB-0546-44B2-A714-849A1FE43277}C:\program files\steam\steamapps\ko5\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ko5\counter-strike\hl.exe | "UDP Query User{1B73349B-CB44-4601-9E84-A36975FFA173}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe | "UDP Query User{1C3B4B8C-D57A-48F8-B321-E04E457B0E8A}C:\program files\g-steam\steamapps\ko5\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\g-steam\steamapps\ko5\day of defeat source\hl2.exe | "UDP Query User{27E4B6AF-CE67-4C48-B2B2-FC8464475A53}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{29E64F82-EF6E-477F-A90E-5D678D556CCC}L:\pelit\pc_gears.of.war -eng+full -.direct.play.-toed\g.o.w (toed) ...use 7zip only (extract to...)\gears of war\binaries\wargame-g4wlive.exe" = protocol=17 | dir=in | app=l:\pelit\pc_gears.of.war -eng+full -.direct.play.-toed\g.o.w (toed) ...use 7zip only (extract to...)\gears of war\binaries\wargame-g4wlive.exe | "UDP Query User{2BB2B9EC-BEBC-4FF8-AB64-5C4FBC8CE989}L:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=l:\pelit\borderlands_proper-razor1911\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{32957933-7FC3-49F7-94D2-80EE0838D1CB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{36E7030B-DB71-4FD4-A196-1DEF85272FF0}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{41FBF351-0352-4EA1-A417-8F690DD97F71}E:\pelit\pokémon blue, red, yellow, silver, gold, crystal, sapphire, ruby, leaf green, fire red + gba-emulator\visualboyadvance.exe" = protocol=17 | dir=in | app=e:\pelit\pokémon blue, red, yellow, silver, gold, crystal, sapphire, ruby, leaf green, fire red + gba-emulator\visualboyadvance.exe | "UDP Query User{4B27D7C6-4760-4F47-84F5-D011A74DBE88}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{4EE589CA-A314-43D9-BD04-D1F4216C4C1F}C:\program files\steam\steamapps\ko5\dedicated server\hlds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ko5\dedicated server\hlds.exe | "UDP Query User{5BE83827-3824-4B9C-BFFA-EA5128F06285}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6AAADAC6-B4D6-418F-8420-E39B69ACCC05}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "UDP Query User{784AF673-2425-41AD-A2BB-BE78699254D7}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe | "UDP Query User{7CE9EC29-6CCD-418A-94ED-398E92F6E892}C:\ac web ultimate repack\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\ac web ultimate repack\server\mysql\bin\mysqld.exe | "UDP Query User{7DDF2E26-69F0-4C4F-8D3D-ADDEB96A7A49}C:\program files\steam\steamapps\ko5\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ko5\counter-strike\hl.exe | "UDP Query User{842D4A56-9E8C-4D76-80C3-13B634300938}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-engb-downloader.exe | "UDP Query User{856A8116-896C-44C2-BE63-CF083362DAD9}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-engb-downloader.exe | "UDP Query User{86354F00-61E8-4460-A7B2-2B7372D38029}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe | "UDP Query User{92B436CF-E418-40A1-936B-D6CDBC26E6BF}L:\pelit\left for dead\left4dead.exe" = protocol=17 | dir=in | app=l:\pelit\left for dead\left4dead.exe | "UDP Query User{AA0116F8-F854-4DF0-9A3E-B2E78C1E2E7A}C:\program files\steam\steamapps\ko5\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ko5\condition zero\hl.exe | "UDP Query User{B995F575-11FD-4D3F-8B57-785ECBE4BC60}C:\program files\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\half-life 2\hl2.exe | "UDP Query User{C1C9CF64-3C55-4E48-B8E6-35BDA8D9D337}C:\ac web ultimate repack\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\ac web ultimate repack\server\apache\bin\apache.exe | "UDP Query User{C6946310-7364-4B03-A6A2-C6FDB456AB13}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{E70421D9-5742-4B39-A4A7-BD5711E78317}L:\pelit\warhammer_40000_dawn_of_war_ii_chaos_rising-razor1911\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=17 | dir=in | app=l:\pelit\warhammer_40000_dawn_of_war_ii_chaos_rising-razor1911\warhammer 40000 dawn of war ii - chaos rising\dow2.exe | "UDP Query User{ED66047E-44B9-4B53-BCE1-DA39F7DA3BE5}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-engb-downloader.exe | "UDP Query User{F8E9C23D-2DF2-47B1-BB58-9FC4371F5C4E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{FEEFB076-882F-408B-B6E8-D171702875F3}C:\ac web ultimate repack\ascent\ascent-logonserver.exe" = protocol=17 | dir=in | app=c:\ac web ultimate repack\ascent\ascent-logonserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07172FAA-0AE6-4B24-9416-48EC08DB1846}" = OppilasSähkö-JCAD "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0876216B-8135-D74E-4B4F-8F4BCD4E7DE7}" = Catalyst Control Center HydraVision Full "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0CFD3460-3E43-4A7B-BCE2-D955F73CFE24}" = Windows Live Family Safety "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3341697B-3E28-4C96-4F98-F269E21EB7E5}" = Skins "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3E88B541-9079-2F30-AB1A-D89705305760}" = ccc-core-static "{3FAB3594-0C12-2DB3-57E4-4AD2A13215CF}" = Catalyst Control Center Graphics Full Existing "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{60980D5C-0C56-7E59-746C-AA6CC50997E7}" = Catalyst Control Center Graphics Previews Common "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89}" = Microsoft Works "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C59EAF3-B76B-52B8-B517-E0E645B08DE5}" = Catalyst Control Center Graphics Light "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73284F36-E17E-44B0-85E2-F0336A6E749F}" = PC Connectivity Solution "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{73AADE19-6EA9-341D-A68A-16BF182D678A}" = ATI AVIVO Codecs "{74C5EA04-AF1E-45B2-949B-4841EE949C40}" = Nokia Connectivity Cable Driver "{7603E267-9523-C5E5-8C14-B657B98EDF03}" = Catalyst Control Center Graphics Previews Vista "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4) "{81E04A8B-C804-4886-FA79-0AD2BE946A06}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8C94D6F5-6F75-7921-E9EF-93D7486DBB0E}" = CCC Help English "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-040B-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B5C9072-939F-4249-A7E4-A197BA3A5746}" = Windows Live Sync "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A1740D36-64B5-E7FF-D8F9-C0B827E42B67}" = Catalyst Control Center Graphics Full New "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A609DCAD-A00D-1820-E0BD-2A05D843B8A7}" = Catalyst Control Center Core Implementation "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB36AB42-2EC3-B02B-E9EC-294408E75819}" = ATI Catalyst Install Manager "{AC76BA86-7AD7-1035-7B44-A81300000003}" = Adobe Reader 8.1.5 - Suomi "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AF91A56A-A775-4183-99C5-E9320263B612}" = Nokia Internet Modem "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BFC2D769-8412-02A4-5B37-87880157C48B}" = ccc-utility "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI (Win64/32/CE) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D34D82E0-4600-407B-9478-8506C1DD1035}" = Nero 7 Essentials "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011 "{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FD54066C-59C6-475B-B8A0-A0D26969D8E2}" = Pinnacle PCTV MCE "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) "7-Zip" = 7-Zip 4.65 "9925DD2E3ADF2DA7C8A0212FB775F1D2FB6C56E8" = Windowsin ohjainpaketti - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Ajokorttikoulu" = Ajokorttikoulu "AVG" = AVG 2011 "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) "BSPlayerp" = BS.Player PRO "CCleaner" = CCleaner (remove only) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "F1CB0AC2D40DDCFCA6933082B115073476C155DE" = Windowsin ohjainpaketti - Nokia Modem (08/03/2007 3.2) "Fallout 3 - The Pitt" = Fallout 3 - The Pitt "Fallout 3: Operation Anchorage™" = Fallout 3: Operation Anchorage™ "Fallout New Vegas_is1" = Fallout New Vegas "foobar2000" = foobar2000 v0.9.6.9 "GameSpy Arcade" = GameSpy Arcade "Gears of War_is1" = Gears of War "G-steam" = G-steam "Halo" = Microsoft Halo "Halo 2" = Halo 2 for Windows Vista "Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "LimeWire" = LimeWire 4.12.11 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.4b "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "PacSteam" = PacSteam "PacSteamT" = PacSteamT "PC Wizard 2007_is1" = PC Wizard 2007.1.73 "PokerStars" = PokerStars "Postal 2" = Postal 2 "PowerISO" = PowerISO "PunkBusterSvc" = PunkBuster Services "RivaTuner" = RivaTuner v2.02 "SpeedFan" = SpeedFan (remove only) "SpywareBlaster_is1" = SpywareBlaster v3.5.1 "StarCraft II" = StarCraft II "SystemRequirementsLab" = System Requirements Lab "UltraStar Deluxe" = UltraStar Deluxe "UsbBoost" = UsbBoost "VentriloMIX" = VentriloMIX "WinLiveSuite" = Windows Liven asennustyökalu "WinRAR archiver" = WinRAR archiver "VLC media player" = VLC media player 1.0.5 "World of Warcraft" = World of Warcraft "Worms Reloaded_is1" = Worms Reloaded "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Steam App 10" = Counter-Strike "Steam App 80" = Condition Zero "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.2.2011 17:14:02 | Computer Name = Omistaja-PC | Source = Application Hang | ID = 1002 Description = Ohjelma explorer.exe, versio 6.0.6002.18005, lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. Voit katsoa mahdollisia lisätietoja ongelman historiatiedoista Ongelmien raportit ja ratkaisut -ohjauspaneelissa Prosessitunnus: 1484 Käynnistysaika: 01cbcc7e22603a9f Lopetusaika: 24 Error - 16.2.2011 0:26:59 | Computer Name = Omistaja-PC | Source = EventSystem | ID = 4621 Description = Error - 17.2.2011 12:08:09 | Computer Name = Omistaja-PC | Source = EventSystem | ID = 4609 Description = Error - 17.2.2011 16:34:47 | Computer Name = Omistaja-PC | Source = EventSystem | ID = 4609 Description = Error - 18.2.2011 13:02:03 | Computer Name = Omistaja-PC | Source = MsiInstaller | ID = 11905 Description = Error - 18.2.2011 13:09:50 | Computer Name = Omistaja-PC | Source = EventSystem | ID = 4609 Description = Error - 18.2.2011 13:36:05 | Computer Name = Omistaja-PC | Source = EventSystem | ID = 4609 Description = Error - 18.2.2011 13:48:28 | Computer Name = Omistaja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = [ Media Center Events ] Error - 24.12.2007 0:59:58 | Computer Name = Omistaja-PC | Source = ehSched | ID = 5 Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80070005 Error - 17.4.2008 0:28:02 | Computer Name = Omistaja-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: paketin MCESpotlight lataaminen epäonnistui. [ System Events ] Error - 20.2.2011 13:27:04 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:28:12 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.2.2011 13:28:58 | Computer Name = Omistaja-PC | Source = DCOM | ID = 10005 Description = Error - 20.2.2011 13:28:59 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7009 Description = Error - 20.2.2011 13:42:31 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:42:31 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:42:31 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:42:31 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:42:31 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.2.2011 13:43:43 | Computer Name = Omistaja-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
. Hyvä sait jo normaalitilaan !!! Windows Defenderin realiaika sammutus. Alapalkista Start/Käynnistä => Kaikki ohjelmat => Windows Defender auki. Defender ikkunasta työkalut => Asetukset => ruxi pois kohdasta Käytä realiaikaista suojausta. Jätä ajastettu etsintä käyttöön. Muuta kellonaika siten, että kone on sulla normaalisti auki. ------------------------------------------------------ Käynnistä Malwarebytes Sieltä Karanteeni välileti ja tyhjennä roskat. ********************************************************** Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus Vistassa (7) Ohjelmat ja toiminnot Etsi ja poista ohjelma jonka nimessä on: LimeWire 4.12.11 HijackThis 2.0.2 ccleaneri ja utorrentti Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 ---------------------------------------------------------------------- Kopioi alla olevasta laatikosta kaikki muistiin. Code: :OTL O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norman ZANDA] File not found O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 :Files C:\Delnvc5.exe C:\Program Files\Delnvc5.exe C:\Users\Omistaja\Desktop\Delnvc5.exe :Commands [purity] [EMPTYTEMP] [EMPTYFLASH] [Reboot] Käynnistä OTL.EXE ohjelma. Vista - 7:ssa tee se hiiren oikealla napilla ja Suorita Järjestelmän valvojana Liitä muistista texti OTL:n valkoiseen laatikkoon (Custom Scans/Fixes) Paina sitten Run Fix nappia Lopuksi se pyytää koneen ReStarttia => OK Logi aukeaa muistioon josta kopioit sen viestiisi. *************************************************************************** Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä: Linkki 3 * TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi * Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa. (ei palomuuria) Kun käynnistät Ehdotetun ohjelman = tee se hiiren oikealla napilla ja valitset Suorita Järjestelmänvalvojana - * Tuplaklikkaa Combofix.exe ja noudata ohjeita. * Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia. * Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin. **Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin. Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti: Klikkaa Kyllä jatkaaksesi skannausta. Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin. Jos tarvitset apua, katso yksityiskohtaisempi ohje: http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi: C:\ComboFix.txt Uusi HijackThis-loki OTL logi Kerro tarkemmin siitä ikkunan jumittelusta ???
Kiitoksia taas Niin ja niistä siirto-ikkunoista niin mä voin ottaa vaikka kuvan siitä että mihin kohtaan ne jää jumiin. poistin ton u-torrentin ja latasin uudelleen niin sekin jumittaa samanlailla kuin viimeksi, vain silloin kun haluaa poistaa torrentin ja tiedoston sieltä valikosta niin se vaan jää jumiin eikä anna poistaa mitään. ccleanerissakin sama homma se jää aina 4% tarkastuksessa. ja HJT:tä en voi vieläkään ajaa normi-tilassa. Pistän tästä nyt näitä lokeja: Combofix-loki: ComboFix 11-02-20.03 - Omistaja 23.02.2011 10:17:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.358.1035.18.2046.1031 [GMT 2:00] Sijainti: c:\users\Omistaja\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Omistaja\AppData\Roaming\inst.exe c:\windows\system32\C . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-01-23 to 2011-02-23 ))))))))))))))))) . 2011-02-23 08:27 . 2011-02-23 08:27 -------- d-----w- c:\users\Sandra\AppData\Local\temp 2011-02-23 08:27 . 2011-02-23 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-21 21:59 . 2011-02-23 08:12 -------- d-----w- c:\users\Omistaja\AppData\Roaming\uTorrent 2011-02-21 18:00 . 2011-02-21 18:00 -------- d-----w- C:\_OTL 2011-02-17 20:25 . 2011-02-17 20:25 -------- d-----w- c:\users\Omistaja\AppData\Roaming\Malwarebytes 2011-02-17 20:25 . 2011-02-17 20:25 -------- d-----w- c:\programdata\Malwarebytes 2011-02-17 20:25 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-17 20:25 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-17 20:25 . 2011-02-21 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-17 16:00 . 2011-02-17 16:00 388096 ----a-r- c:\users\Omistaja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-28 15:55 . 2011-01-12 15:16 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-26 13:26 . 2010-12-26 13:26 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS 2010-12-26 13:26 . 2010-12-26 13:26 23680 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS 2010-12-14 14:49 . 2011-01-12 15:16 1169408 ----a-w- c:\windows\system32\sdclt.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "PMCRemote"="c:\program files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-09-18 257096] "PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Nokia Internet Modem"="c:\program files\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-12-17 1962648] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-21 396152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-05 81920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.02\RivaTuner.exe" [2007-07-01 2596864] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-12-26 3788800] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-9 1560576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 09:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe R0 NVStrap;NVStrap; [x] R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [x] R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [x] R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\bin\NDISKIO.SYS [x] R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [x] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;l:\pelit\Dragon.Age.Origins.SKIDROW\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-12-26 23680] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] R3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\DRIVERS\nokiacpo.sys [2009-08-05 19968] R3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\DRIVERS\nokiappo.sys [2009-08-05 27648] R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\NSESVC.EXE [x] R3 nvcfsr;nvcfsr;c:\program files\Norman\Nvc\bin\nvcfsr.sys [x] R3 nvcoafl4;nvcoafl4;c:\program files\Norman\Nvc\bin\nvcoafl4.sys [x] R3 nvcoaft4;nvcoaft4;c:\program files\Norman\Nvc\bin\nvcoaft4.sys [x] R3 nvcoarc4;nvcoarc4;c:\program files\Norman\Nvc\bin\nvcoarc4.sys [x] R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [x] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 XDva031;XDva031;c:\windows\system32\XDva031.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-30 691696] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-12-26 7936] S2 NAUpdate;Nero-päivitys;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 'Ajoitetut tehtävät'-kansion sisältö 2011-02-23 c:\windows\Tasks\User_Feed_Synchronization-{2C66A7F2-7C25-427A-88FE-4941E80DA044}.job - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47] . . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.google.fi/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Omistaja\AppData\Roaming\Mozilla\Firefox\Profiles\jaso77km.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66} FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} . - - - - POISTETUT JÄMÄRIVIT - - - - URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-23 10:27 Windows 6.0.6002 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Valmistumisajankohta: 2011-02-23 10:32:37 ComboFix-quarantined-files.txt 2011-02-23 08:32 Ennen ajoa: 21 311 311 872 tavua vapaana Ajon jälkeen: 21 140 062 208 tavua vapaana - - End Of File - - FD7D51DA00ED7CB3FAA4BEAA8DFF558C HJT-loki: (ajettu vikasietotilassa) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:42:11, on 23.2.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - L:\pelit\pokerstars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - L:\pelit\Dragon.Age.Origins.SKIDROW\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing) O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe (file missing) O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Program Files\Norman\nse\bin\NSESVC.EXE (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Norman Scheduler Service (Scheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\scheduler.exe (file missing) O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 21950 bytes Ja sitten vielä OTL: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) not found. File C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Norman ZANDA not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CollaborationHost not found. File move failed. C:\Windows\System32\p2phost.exe scheduled to be moved on reboot. Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 . ========== FILES ========== File\Folder C:\Delnvc5.exe not found. C:\Program Files\Delnvc5.exe moved successfully. C:\Users\Omistaja\Desktop\Delnvc5.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Omistaja ->Temp folder emptied: 7644353 bytes ->Temporary Internet Files folder emptied: 111702 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 58923474 bytes ->Opera cache emptied: 17281570 bytes ->Flash cache emptied: 9562 bytes User: Public User: Sandra ->Temp folder emptied: 34215 bytes ->Temporary Internet Files folder emptied: 256268 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 155648 bytes %systemroot%\System32 .tmp files removed: 183808 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49632 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 81,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Omistaja ->Flash cache emptied: 0 bytes User: Public User: Sandra ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02212011_202859 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\p2phost.exe scheduled to be moved on reboot. Registry entries deleted on Reboot...
. ****************************************** Kirjoita windowsin Aloita haku kenttään Combofix /uninstall paina OK ************************************************************************ Tämmöisen kuvan => www.luukku.com/jumittaa.gif olet tarkittanut varmaan näkymään, mutta se ei näy kaatuu Luukun sisäänkirjautumiseen. Lähetä kuva: http://www.uploadimage.co.uk/ Ylimmältä riviltä Linkki sivusta vastaan ottajalle.
en saanu tota combofixiä ihan tollein poistettua, poistin sen vaan ihan normisti työpöydältä, mutta tässä kuvat näkyyks nytte ? ja välillä kun lopettaa ton prosessin tehtävähallinnasta nii taustalla vilkahtaa windowsin sammutus valikko
. Käy tämä käsinkin. Tuolla Combon roskat poista kansio vain. C:\QooBox\ --------------------------------------------- Kuvat tuli (texti vain penellä) Tällä saat kuvat helposti => http://www.download.fi/tyopoyta/ruudunkaappaus/winsnap.cfm#ohjelman_kuvaus Käytä kuvaa otettaessa valinnainen alue. Saat suoraan rajattuna. ----------------------------------------------------- Kuva oli roskakorista, josta voi poistaa tai palauttaa alkuperäiseen paikkaan takaisin. Jos sellaista levykirjainta ei ole enään olemassa Tulos voisi olla tuollainen. Olisko tuossa kyseessä "I" kirjain jota ei ole olemassa. Sulla on tällaiset levyt/osiot koneella => Drive C: | Partition Type: NTFS Drive E: | Partition Type: NTFS Drive L: | Partition Type: NTFS (minkälaisia levyjä nuo on) ??? Ne pitäisi nimetä C;D;E (onnistuu vieläkin) Tässä tilanteessa kun työnnät vaikka muisti tikun koneeseen se ottaa automaattisesti D: asemakirjaimen, koska se on tuolla välissä vapaana. (kuuluu winukan logiikkaan) Tyhjäät tikun roskiin poistat tikun ja kun yrität palauttaa, niin käy juuri noin. Mistä kansiosta ja mihin kansioihin olet niitä CCleaneria ja uTorrenttia olit siirtämässä ???
Toi C ja E on osioitu yhdestä kovosta 2 osioksi ja toi L on sitten mun jälkeenpäin laittama kovo siis kiinteä tietenkin. U-torrentti ja ccleaner on C asemalla. Siis toi ccleaner jumittaa sillon ku ajaa sen nii se jää siihen 2-4 % pyörimään poistaessaan selaushistoriaa ja sit u-torrent jää jumiin siinä kun yrittää jotain torrenttia sieltä itse ohjelman sisältä poistamaan eli kun klikkaan hiiren kakkospainikkeella torrentin kohdalla poista torrent ja tiedostot, niin se ei poista mitään. Sain vaihdettua asemien kirjaimet oikein, tiedostot siirtyy asemalta toiselle hyvin, mutta poistaessa mitä tahansa tiedostoa miltä tahansa asemalta se jää jumiin tollei miten siinä mun esimerkki kuvassa oli. ja se esimerkki taisi ollakkin juuri minun ulkoiselta kovolta, mutta kaikissa on sama vika, kiinteissä ja ulkoisissa kovoissa. PS. niin ja kansioiden nimien muuttamisen jälkeen asema jää jökkiin. asemalla kun asemalla ja huomasin juuri kun vaihdoin työpöydällä olevan kansion nimeä niin työpöytä jäi jökkiin sillai että en voi painaa enään mitään kuvakkeita mutta windows painike toimii normaalisti? mystinen juttu js tässä on kuva kun ccleaner jumissa:
. Oletko poistanut => CCleaner ja uTorrent asennuksen ja asentanut uudet ohjelmat, koska virukset ovat vahingoittaneet koneesi ohjelmia ??? ------------------------------------------------------- Sinun tapauksessa nuo asemat pitäisi olla C: D: ja E: (Romppu F Ei varmasti korjaa tätä ongelmaa. Mene WinLogo + R napeilla suorita ikkunaan kopioi siihen diskmgmt.msc siellä voit muuttaa asmien kirjaimet. Ikkunassa pitäisi näkyä 3 levyosiota. Lisäksi Romppuasema F: Toivottavasti siellä ei ole mitään muuta. ------------------------------------------------------- Lataa SystemLook by. jpshortstuff TÄÄLTÄ. ja tallenna se työpöydälle. Maalaa Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti. Code: :filefind CCleaner.exe uTorrent.exe :dir C:\WINDOWS\system32\drivers\etc /s Tupla-klikkaa SystemLook.exe käynnistääksesi sen. Liitä kopioitu texti Ctrl + V ohjelman tekstialueeseen. Klikkaa nappulaa Look aloittaaksesi skannauksen. Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki" Kopio ja liitä se seuraavaan viestiisi. (Loki löytyy myös työpöydältäsi nimellä SystemLook.txt) ------------------------------------------------------------------ Tämä on mulle edelleen epäselvä ??? Code: Mistä kansiosta ja mihin kansioihin CCleaneria ja uTorrenttia olet siirtämässä ???
joo poistin ja asensin jo u-torrentin ja ccleanerin pariinkiin otteeseen, mutta ei auttanut. tuolla levyjen hallinnassa mulla on levyt 0-6 joista 0 ja 1 ovat kiintolevyjäni ja lopuissa lukee "siirrettävä" G, H, I, I ja K asemat siis ? sitten toi romppu asema on F kuten pitääkin ja sitten on M joka on vissiin daemontoolsin virtuaali asema. Niin muuten juuri tuolta nimesinkin nuo Osion kirjaimet uusiks eli C D ja E. Niin siis en ole mihinkään tuota CCleaneria ja U-torrenttia siirtämässä, vaan niissä itse ohjelmissa on jotain mätää ku jää jumiin siis ccleanerin puhdistus vaiheessa ja u-torrentilla kun sieltä u-torrentin päävalikosta haluaa jonkun valmiiksi tulleen tiedoston poistaa niin se jää totaaliseen jumiin. Tässä olis tän systemlookin-loki: mäSystemLook 04.09.10 by jpshortstuff Log created at 23:48 on 23/02/2011 by Omistaja Administrator - Elevation successful ========== filefind ========== Searching for "CCleaner.exe" C:\Program Files\CCleaner\CCleaner.exe --a---- 2200376 bytes [15:25 24/01/2011] [15:25 24/01/2011] 315FB0B032D22D9E27BD111A30039D2E C:\Program Files\G-steam\CCleaner.exe --a---- 1234160 bytes [13:59 17/07/2008] [17:26 22/08/2008] 492C724DBDA1F77BB8817996DA8EDEC1 Searching for "uTorrent.exe" C:\Program Files\uTorrent\uTorrent.exe --a---- 396152 bytes [22:00 21/02/2011] [22:00 21/02/2011] 761926D007A7E79ADEFB6752B119FDE8 C:\Users\Omistaja\Program Files\uTorrent\uTorrent.exe --a---- 210432 bytes [08:20 16/06/2007] [08:20 16/06/2007] 93F16205DF54B82E7E66ED1326E5E19D ========== dir ========== C:\WINDOWS\system32\drivers\etc - Parameters: "/s" ---Files--- hosts --a---- 27 bytes [10:23 02/11/2006] [08:27 23/02/2011] hosts.ics --a---- 374 bytes [15:38 10/05/2009] [19:55 23/02/2011] lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006] networks --a---- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006] protocol --a---- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006] services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006] No folders found. -= EOF =- PS. niin kyllä se ccleanerissa näkyy ettö se lataus ympyrä siinä pyörii ku yritän tehdä puhdistusta mutta se ei siitä 2-4% etene enempää, ja kyllä vaikka jos poistan jonkun tiedoston koneeltani niin siinä "ikkunassa" palkki menee ihan loppuun asti ja pyörii se lataus siinä mutta se ikkuna ei lähe siitä enää millään pois vaan periaatteessa kun tiedonsiirto on loppunu nii siinä se "hyrrää" edelleen vaikka tiedosto onkin jo roskakorissa toivottavasti ymmärsit jotain mun selityksistä Uusia ongelmia, ccleaneria en saa enää poistettua uninstallerilla
. Pikkuhiljaa jovain !!! Olet => Logged in as Administrator koneella, mutta aivankuin "privilegiot" ei silti riittäisi. --------------------------------------------------------------- Kopioi alla olevasta laatikosta kaikki muistiin. Code: :Files C:\WINDOWS\system32\drivers\etc\hosts C:\Program Files\G-steam\CCleaner.exe C:\Users\Omistaja\Program Files\uTorrent\uTorrent.exe :Commands [purity] [EMPTYTEMP] [EMPTYFLASH] [Reboot] Käynnistä OTL.EXE ohjelma. Vista - 7:ssa tee se hiiren oikealla napilla ja Suorita Järjestelmän valvojana Liitä muistista texti OTL:n valkoiseen laatikkoon (Custom Scans/Fixes) Paina sitten Run Fix nappia Lopuksi se pyytää koneen ReStarttia => OK Logi aukeaa muistioon josta kopioit sen viestiisi. *************************************************************************** Mene noihin kansioihin ja tee molemmille tiedostoille => Hiiren kakkosnapilla ja ominaisuudet kohdasta. C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\uTorrent\uTorrent.exe Laita "Käyttöoikeustaso" Suorita JV:nä ja klikkaa Käytä. ------------------------------------------------------------------------ * Lataa HOSTS: TÄÄLTÄ Työpöydällesi. * Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon. Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt. Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia) Houstiin päivitykset: Täältä Mitä HOSTS tekee: Opas Täällä ----------------------------------------------------- Viimeinen vaihtoehto: Luo uusi käyttäjätili Omistaja1 ja laita sille JV ominaisuus. Käynnistä kone uudelleen ja testaa uudella tilillä. Jos ei auttanut kokeile vielä Vikasietotilassakin. ???
Tattista taas tässä olis OTL-loki: All processes killed ========== FILES ========== File\Folder C:\WINDOWS\system32\drivers\etc\hosts not found. File\Folder C:\Program Files\G-steam\CCleaner.exe not found. C:\Users\Omistaja\Program Files\uTorrent\uTorrent.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Omistaja ->Temp folder emptied: 15880554 bytes ->Temporary Internet Files folder emptied: 200463 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 47177223 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 5080 bytes User: Public ->Temp folder emptied: 0 bytes User: Sandra ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 60,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Omistaja ->Flash cache emptied: 0 bytes User: Public User: Sandra ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02242011_181803 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Mä poistin ton u-torrentin ja asensin bitcometin joka toimii moitteettomasti. Ccleaner jumittaa vieläkin samassa kohdassa, mutta vikasietotilassa se toimii hyvin. noi ikkunat nyt vielä jää jumittaan myöskin normitilassa mutta vikasietotilassa pelaa hyvin. Tein noi jutut noille ccleaner ja utorrent exe. tiedostoille ja tein ton HOST tiedoston ja tein uuden käyttäjätilin mutta se jää semmoseen kohtaan jumiin ku kirjautuu ulos tosta Omistajasta Omistaja1 nii se pääsee siihen kohtaan ku näkyy pelkkä työpöytä ja yksi ikkuna jossa lukee että valmistellaan työpöytää. Kiitoksia paljon kun olet jaksanut auttaa tämän ongelman kanssa
