Computer freezes, CPU usage 100%
mikrosiru
Junior Member

22 November 2006 @ 19:24
Yeah, so the computer completely locks up and every now and then complains about something related to the registry. What should I do? And by the way, how or where do I get that SP2 update?

Logfile of HijackThis v1.99.1
Scan saved at 0:19:55, on 23.11.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B0175ED-CDE6-4426-9CBC-5815EB465C0A} - C:\WINDOWS\System32\pmkhh.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
mikrosiru
Junior Member

22 November 2006 @ 19:29
And every so often it pops open WinAntiVirus in the browser when I'm online...
Hujo
Suspended permanently
23 November 2006 @ 00:44
1. Download combofix.exe from http://download.bleepingcomputer.com/sUBs/combofix.exe
and save the file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log to your thread.
Note! Do not click on the ComboFix window while it is running. Doing so may cause the program to hang.


Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens, listing the infected files (if any).
Post the contents of that text file to your thread.

Note: the process.exe file is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.

Post:
ComboFix log
SmitfraudFix log
HJT log


Voiko tietsikka koskaan toimia?
AfterDawn Addict
23 November 2006 @ 06:08
Run ComboFix exactly like this and Vundo will be removed at the same time:

Start -> Run

type

"%userprofile%/työpöytä/combofix.exe" /v opnnkjk pmkhh (if you have English Windows, replace työpöytä -> desktop)

And click OK

When it is done, restart the computer.

No HJT logs or the like by private message!

This message has been edited since posting. Last edit 23 November 2006 @ 06:08
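
An added example, not part of the original post or of any tool named in this thread: the two names passed to ComboFix above, opnnkjk and pmkhh, are the DLLs that appear in the posted HijackThis log both as a nameless O2 BHO and as an O20 Winlogon Notify entry under System32. The Python below recovers them from an excerpt of that log; treating this pairing as the selection rule is an assumption, since the reply does not say how the names were chosen, and all function names are hypothetical.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B0175ED-CDE6-4426-9CBC-5815EB465C0A} - C:\WINDOWS\System32\pmkhh.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
"""

Bho = namedtuple("Bho", "name clsid path")
Notify = namedtuple("Notify", "key path")

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <key name> - <dll path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def norm(path):
    """Normalise a Windows path so System32/SYSTEM32 spellings compare equal."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_entries(log_text):
    """Split a HijackThis log into its O2 (BHO) and O20 (Winlogon Notify) entries."""
    bhos, notifies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(Bho(m.group("name"), m.group("clsid"), m.group("path")))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(Notify(m.group("key"), m.group("path")))
    return bhos, notifies


def nameless_bho_notify_pairs(log_text, system_dir=r"C:\WINDOWS\System32"):
    """Return base names of DLLs in system_dir that are registered both as a
    BHO with no display name and as a Winlogon Notify package.

    Assumption: this overlap is used here as the triage rule; the thread
    itself only names the two DLLs without explaining the choice.
    """
    bhos, notifies = parse_entries(log_text)
    sysdir = norm(system_dir)
    nameless = {norm(b.path) for b in bhos if b.name == "(no name)"}
    hits = set()
    for n in notifies:
        p = norm(n.path)
        if p in nameless and ntpath.dirname(p) == sysdir:
            hits.add(ntpath.splitext(ntpath.basename(p))[0])
    return sorted(hits)


if __name__ == "__main__":
    for name in nameless_bho_notify_pairs(SAMPLE_LOG):
        print(name)
```

The nameless VSAdd-in BHO is not reported because it has no matching Winlogon Notify entry, so it needs a separate look.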

mikrosiru
Junior Member

23 November 2006 @ 06:51
ComboFix log




Mikko - 06-11-23 11:45:32,31 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mikko\Ty?p?yt?"

((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


2006-11-23 07:41 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-11-23 07:35 <KANSIO> d-------- C:\WINDOWS\Prefetch
2006-11-23 03:29 <KANSIO> d-------- C:\WINDOWS\LastGood.Tmp
2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\provisioning
2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\peernet
2006-11-23 03:07 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2006-11-23 02:53 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-23 02:44 <KANSIO> d-------- C:\WINDOWS\EHome
2006-11-23 02:06 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-11-23 00:16 <KANSIO> d-------- C:\hijack
2006-11-21 19:52 <KANSIO> d--h----- C:\WINDOWS\PIF
2006-11-21 14:29 <KANSIO> d-------- C:\Program Files\Ahead
2006-11-21 14:01 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
2006-11-21 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-21 08:44 624,632 ---hs---- C:\WINDOWS\system32\hhkmp.ini2
2006-11-20 16:36 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Real
2006-11-19 23:21 1,432 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-19 23:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2006-11-19 23:07 <KANSIO> d-------- C:\Program Files\WinZip
2006-11-19 21:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-19 21:17 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Microsoft Works
2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-19 21:14 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio
2006-11-19 21:13 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
2006-11-19 21:12 <KANSIO> d-------- C:\Program Files\Microsoft Office
2006-11-19 20:54 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2006-11-19 00:37 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SearchToolbarCorp
2006-11-18 22:36 619,649 ---hs---- C:\WINDOWS\system32\hhkmp.bak2
2006-11-18 22:36 110,612 --a------ C:\WINDOWS\system32\vdlgrndp.exe
2006-11-18 22:36 <KANSIO> d-------- C:\Program Files\VSAdd-in
2006-11-18 11:41 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-11-18 11:41 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-11-18 11:41 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-11-18 11:25 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-11-18 11:25 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-11-18 11:25 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-11-18 11:25 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-11-18 11:25 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-11-18 11:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-11-18 11:25 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-11-18 11:25 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-11-18 11:25 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-11-18 11:25 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-11-18 11:25 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-11-18 11:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-11-18 11:25 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-11-18 11:25 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-11-18 11:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-11-18 11:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-18 04:21 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Macromedia
2006-11-18 01:10 <KANSIO> d-------- C:\Program Files\Adobe
2006-11-18 00:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Adobe
2006-11-18 00:44 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2006-11-18 00:29 <KANSIO> d-------- C:\Documents and Settings\Mikko\Contacts
2006-11-18 00:27 <KANSIO> d-------- C:\WINDOWS\system32\DRVSTORE
2006-11-18 00:27 <KANSIO> d-------- C:\Program Files\MSN Messenger
2006-11-18 00:19 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-18 00:18 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2006-11-18 00:01 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-11-17 22:41 <KANSIO> d---s---- C:\Documents and Settings\Mikko\UserData
2006-11-17 22:36 110,612 --a------ C:\WINDOWS\system32\fmcixqks.exe
2006-11-17 22:35 615,177 ---hs---- C:\WINDOWS\system32\hhkmp.bak1
2006-11-17 22:19 <KANSIO> d-------- C:\mikko
2006-11-17 22:13 <KANSIO> d-------- C:\WINDOWS\system32\bits
2006-11-17 22:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-17 22:11 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 22:11 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall
2006-11-17 21:59 40,973 ---hs---- C:\WINDOWS\system32\opnnkjk.dll
2006-11-17 21:48 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-11-17 21:48 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-11-17 21:48 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-11-17 21:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-17 21:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Mozilla
2006-11-17 21:44 <KANSIO> d-------- C:\Program Files\Mozilla Firefox
2006-11-17 21:41 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-17 21:41 <KANSIO> d-------- C:\mozilla
2006-11-17 21:39 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-17 21:39 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-17 21:39 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-17 21:39 173,848 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-17 21:39 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-17 21:39 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-17 21:39 <KANSIO> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-17 21:35 692,276 ---hs---- C:\WINDOWS\system32\pmkhh.dll
2006-11-17 21:18 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2006-11-17 21:18 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-11-17 21:17 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
2006-11-17 21:14 <KANSIO> d-------- C:\Program Files\F-Secure
2006-11-17 18:20 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
2006-11-17 15:52 <KANSIO> d--hs---- C:\Recycled
2006-11-17 15:46 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2006-11-17 02:37 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-17 02:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2006-11-17 02:28 75,264 --a------ C:\WINDOWS\system32\MACDec.dll
2006-11-17 02:28 679,936 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-17 02:28 45,568 --a------ C:\WINDOWS\system32\huffyuv.dll
2006-11-17 02:28 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2006-11-17 02:28 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-11-17 02:28 421,888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32f.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32.dll
2006-11-17 02:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-17 02:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-11-17 02:28 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2006-11-17 02:28 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2006-11-17 02:28 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2006-11-17 02:28 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2006-11-17 02:28 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-11-17 02:28 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2006-11-17 02:28 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-17 02:28 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2006-11-17 02:28 1,824,768 --a------ C:\WINDOWS\system32\divx.dll
2006-11-17 02:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-11-17 02:28 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2006-11-17 02:28 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
2006-11-17 02:26 <KANSIO> d-------- C:\klm codec
2006-11-17 02:18 <KANSIO> d--hs---- C:\WINDOWS\Installer
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\SendTo
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Recent
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data\.
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Suosikit
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Omat tiedostot
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\K?ynnist?-valikko
2006-11-17 02:17 <KANSIO> d--h----- C:\Program Files\Uninstall Information
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Verkkoymp?rist?
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Tulostinymp?rist?
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Mallit
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Local Settings
2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Cookies
2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Application Data\Microsoft
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Ty?p?yt?
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Identities
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\..
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\..
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\.
2006-11-17 02:15 <KANSIO> d--hs---- C:\System Volume Information
2006-11-17 02:10 0 -rahs---- C:\MSDOS.SYS
2006-11-17 02:10 0 -rahs---- C:\IO.SYS
2006-11-17 02:10 0 --a------ C:\CONFIG.SYS
2006-11-17 02:10 0 --a------ C:\AUTOEXEC.BAT
2006-11-17 02:10 <KANSIO> d-------- C:\WINDOWS\system32\xircom
2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\xerox
2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\microsoft frontpage
2006-11-17 02:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-17 02:08 <KANSIO> dr------- C:\WINDOWS\Offline Web Pages
2006-11-17 02:08 <KANSIO> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-17 02:08 <KANSIO> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-17 02:07 <KANSIO> d-------- C:\WINDOWS\system32\DirectX
2006-11-17 02:06 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-17 02:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-17 02:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-17 02:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-17 02:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-17 02:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-17 02:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-17 02:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-17 02:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-17 02:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-17 02:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-17 02:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-17 02:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-17 02:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-17 02:06 276,480 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-17 02:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-17 02:06 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-17 02:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-17 02:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-17 02:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-17 02:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-17 02:06 <KANSIO> d---s---- C:\WINDOWS\Tasks
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Restore
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\srchasst
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\PCHealth
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Outlook Express
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\NetMeeting
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Movie Maker
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Internet Explorer
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\System
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\Services
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
2006-11-17 02:05 <KANSIO> d-------- C:\WINDOWS\Registration
2006-11-17 02:05 <KANSIO> d-------- C:\Program Files\ComPlus Applications
2006-11-17 02:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-17 02:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-17 02:04 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-17 02:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-17 02:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-17 02:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-17 02:04 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-17 02:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-17 02:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-17 02:04 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-17 02:04 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Windows Media Player
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Online Services
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Messenger
2006-11-17 02:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-17 02:03 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-17 02:03 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-17 02:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-17 02:03 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-17 02:03 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-17 02:03 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-17 02:03 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-17 02:03 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-17 02:03 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-17 02:03 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-17 02:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-17 02:03 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-17 02:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-17 02:03 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-17 02:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-17 02:03 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-17 02:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-17 02:03 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-17 02:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-17 02:03 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-17 02:03 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-17 02:03 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-17 02:03 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-17 02:03 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-17 02:03 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-17 02:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-17 02:03 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-17 02:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-17 02:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-17 02:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-17 02:03 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-17 02:03 21,504 --a------ C:\WINDOWS\system32\msg.exe
2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-17 02:03 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-17 02:03 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-17 02:03 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-17 02:03 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-17 02:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-17 02:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-17 02:03 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-17 02:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-17 02:03 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-17 02:03 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-17 02:03 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-17 02:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-17 02:03 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-17 02:03 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-17 02:03 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-17 02:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-17 02:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-17 02:03 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-17 02:03 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-17 02:03 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-17 02:03 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-17 02:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-17 02:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\Com
2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\Windows NT
2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\MSN
2006-11-17 01:58 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-17 01:58 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-11-17 01:58 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-17 01:58 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-17 01:58 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-17 01:58 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-11-17 01:58 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-11-17 01:58 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-17 01:58 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-17 01:58 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-17 01:57 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-17 01:57 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-17 01:57 33,599 --a------ C:\WINDOWS\system32\drivers\wATV04nt.sys
2006-11-17 01:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-17 01:57 29,311 --a------ C:\WINDOWS\system32\drivers\wATV01nt.sys
2006-11-17 01:57 23,615 --a------ C:\WINDOWS\system32\drivers\wCh7xxNT.sys
2006-11-17 01:57 19,551 --a------ C:\WINDOWS\system32\drivers\wATV02NT.sys
2006-11-17 01:57 19,455 --a------ C:\WINDOWS\system32\drivers\wVchNTxx.sys
2006-11-17 01:57 12,415 --a------ C:\WINDOWS\system32\drivers\wADV01nt.sys
2006-11-17 01:57 12,127 --a------ C:\WINDOWS\system32\drivers\wADV02NT.sys
2006-11-17 01:57 12,063 --a------ C:\WINDOWS\system32\drivers\wSiINTxx.sys
2006-11-17 01:57 11,775 --a------ C:\WINDOWS\system32\drivers\wADV05NT.sys
2006-11-17 01:56 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2006-11-17 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-17 01:56 702,845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
2006-11-17 01:56 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-17 01:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-17 01:56 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-11-17 01:56 161,020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
2006-11-17 01:56 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-17 01:56 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-17 01:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-17 01:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-17 01:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-17 01:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-17 01:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-17 01:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-17 01:54 74,240 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-17 01:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-17 01:54 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-17 01:54 69,632 --a------ C:\WINDOWS\notepad.exe
2006-11-17 01:54 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-17 01:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-17 01:54 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-17 01:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-17 01:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-17 01:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-17 01:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-17 01:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-17 01:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-17 01:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-17 01:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-17 01:54 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-17 01:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\Common Files\..
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\.
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\.
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\..
2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\K?ynnist?-valikko
2006-11-17 01:53 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
2006-11-17 01:53 <KANSIO> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Ty?p?yt?
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\..
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\.
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings
2006-11-17 01:46 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\WinSxS
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\twain_32
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Temp
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\usmt
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\oobe
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\npp
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\mui
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\IME
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\icsxml
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\ias
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\export
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3076
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\2052
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1054
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1042
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1041
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1037
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1035
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1033
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1031
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1028
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1025
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\security
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Resources
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\mui
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\msapps
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\ime
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Driver Cache
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Debug
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Connection Wizard
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\AppPatch
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\addins
2006-11-17 01:45 <KANSIO> dr--s---- C:\WINDOWS\Fonts
2006-11-17 01:45 <KANSIO> dr------- C:\WINDOWS\Web
2006-11-17 01:45 <KANSIO> d--h----- C:\WINDOWS\inf
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wins
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wbem
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\spool
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\Setup
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ras
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\dhcp
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\config
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\repair
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\msagent
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Media
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\java
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Help
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Cursors
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Config
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9A36CEDC-2619-43F0-8108-50A321AD3057}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnkjk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-23 11:49:31.68
C:\ComboFix.txt ... 06-11-23 11:49

mikrosiru
Junior Member
23 November 2006 @ 06:55
smitfraudfix log


SmitFraudFix v2.122

Scan done at 11:53:28,23, to 23.11.2006
Run from D:\smitfreudfix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKO\SUOSIKIT


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

mikrosiru
Junior Member
23 November 2006 @ 06:59
HjT log



Logfile of HijackThis v1.99.1
Scan saved at 11:56:32, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
O2 - BHO: (no name) - {DA14646E-4460-4874-9068-138C4BC3AD6C} - C:\WINDOWS\System32\pmkhh.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Hujo
Suspended permanently
23 November 2006 @ 07:38
In Add/Remove Programs, remove

VSToolBar


Download VundoFix.exe
http://www.atribune.org/ccount/click.php?id=4 to your desktop.

- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- When the scan is finished, click the Remove Vundo button.
- You will be asked whether you want to delete the files - click YES.
- Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
- When it is done, the fix will announce that it is restarting your computer; click OK.
- Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


Note: It is possible that VundoFix found a file that it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.


SmitFraudFix v2.122 is an old version; delete it and get the new one.



Can a computer ever work?

mikrosiru
Junior Member
23 November 2006 @ 13:43
HjT log


Logfile of HijackThis v1.99.1
Scan saved at 16:24, on 06-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


vundofix log


VundoFix V6.2.11

Checking Java version...

Sun Java not detected
Scan started at 16:18:56 06-11-23

Listing files found while scanning....

C:\WINDOWS\System32\hhkmp.ini
C:\WINDOWS\System32\hhkmp.bak1
C:\WINDOWS\System32\hhkmp.bak2
C:\WINDOWS\System32\hhkmp.ini2
C:\WINDOWS\System32\hhkmp.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\hhkmp.ini
C:\WINDOWS\System32\hhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\hhkmp.bak1
C:\WINDOWS\System32\hhkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hhkmp.bak2
C:\WINDOWS\System32\hhkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hhkmp.ini2
C:\WINDOWS\System32\hhkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hhkmp.tmp
C:\WINDOWS\System32\hhkmp.tmp Has been deleted!

Performing Repairs to the registry.
Done!

mikrosiru
Junior Member
23 November 2006 @ 13:49
here's the smitfraudfix log as well


SmitFraudFix v2.123

Scan done at 18:48:39.53, 06-11-23
Run from D:\smitfreudfix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKO\SUOSIKIT


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hujo
Suspended permanently
23 November 2006 @ 13:56
Scan with HjT, tick this entry and press Fix checked

O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)


Run Vundo again and post the report
Run ComboFix again and post the report
A new HjT log

Smitfraudfix OK

Can a computer ever work?

This message has been edited after posting. Last edited 23 November 2006 @ 13:58

mikrosiru
Junior Member
23 November 2006 @ 14:21
vundo log

VundoFix V6.2.11

Checking Java version...

Sun Java not detected
Scan started at 19:08:52 06-11-23

Listing files found while scanning....

C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1 Has been deleted!

Performing Repairs to the registry.
Done!






combofix log


Mikko - 06-11-23 19:15:46.51 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mikko\Ty?p?yt?"

((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


2006-11-23 16:25 <KANSIO> d-------- C:\logit
2006-11-23 16:18 <KANSIO> d-------- C:\VundoFix Backups
2006-11-23 12:29 38,420 --a------ C:\WINDOWS\system32\bprltfat.dll
2006-11-23 12:24 <KANSIO> d-------- C:\WINDOWS\pss
2006-11-23 07:41 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-11-23 07:35 <KANSIO> d-------- C:\WINDOWS\Prefetch
2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\provisioning
2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\peernet
2006-11-23 03:07 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2006-11-23 02:53 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-23 02:44 <KANSIO> d-------- C:\WINDOWS\EHome
2006-11-23 02:06 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-11-23 00:16 <KANSIO> d-------- C:\hijack
2006-11-21 19:52 <KANSIO> d--h----- C:\WINDOWS\PIF
2006-11-21 14:29 <KANSIO> d-------- C:\Program Files\Ahead
2006-11-21 14:01 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
2006-11-21 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-20 16:36 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Real
2006-11-19 23:21 1,432 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-19 23:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2006-11-19 23:07 <KANSIO> d-------- C:\Program Files\WinZip
2006-11-19 21:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-19 21:17 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Microsoft Works
2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-19 21:14 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio
2006-11-19 21:13 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
2006-11-19 21:12 <KANSIO> d-------- C:\Program Files\Microsoft Office
2006-11-19 20:54 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2006-11-19 00:37 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SearchToolbarCorp
2006-11-18 22:36 110,612 --a------ C:\WINDOWS\system32\vdlgrndp.exe
2006-11-18 22:36 <KANSIO> d-------- C:\Program Files\VSAdd-in
2006-11-18 11:41 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-11-18 11:41 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-11-18 11:41 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-11-18 11:25 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-11-18 11:25 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-11-18 11:25 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-11-18 11:25 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-11-18 11:25 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-11-18 11:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-11-18 11:25 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-11-18 11:25 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-11-18 11:25 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-11-18 11:25 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-11-18 11:25 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-11-18 11:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-11-18 11:25 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-11-18 11:25 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-11-18 11:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-11-18 11:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-18 04:21 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Macromedia
2006-11-18 01:10 <KANSIO> d-------- C:\Program Files\Adobe
2006-11-18 00:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Adobe
2006-11-18 00:44 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2006-11-18 00:29 <KANSIO> d-------- C:\Documents and Settings\Mikko\Contacts
2006-11-18 00:27 <KANSIO> d-------- C:\WINDOWS\system32\DRVSTORE
2006-11-18 00:27 <KANSIO> d-------- C:\Program Files\MSN Messenger
2006-11-18 00:19 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-18 00:18 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2006-11-18 00:01 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-11-17 22:41 <KANSIO> d---s---- C:\Documents and Settings\Mikko\UserData
2006-11-17 22:36 110,612 --a------ C:\WINDOWS\system32\fmcixqks.exe
2006-11-17 22:19 <KANSIO> d-------- C:\mikko
2006-11-17 22:13 <KANSIO> d-------- C:\WINDOWS\system32\bits
2006-11-17 22:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-17 22:11 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 22:11 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall
2006-11-17 21:59 40,973 ---hs---- C:\WINDOWS\system32\opnnkjk.dll
2006-11-17 21:48 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-11-17 21:48 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-11-17 21:48 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-11-17 21:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-17 21:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Mozilla
2006-11-17 21:44 <KANSIO> d-------- C:\Program Files\Mozilla Firefox
2006-11-17 21:41 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-17 21:41 <KANSIO> d-------- C:\mozilla
2006-11-17 21:39 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-17 21:39 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-17 21:39 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-17 21:39 173,848 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-17 21:39 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-17 21:39 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-17 21:39 <KANSIO> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-17 21:18 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2006-11-17 21:18 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-11-17 21:17 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
2006-11-17 21:14 <KANSIO> d-------- C:\Program Files\F-Secure
2006-11-17 18:20 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
2006-11-17 15:52 <KANSIO> d--hs---- C:\Recycled
2006-11-17 15:46 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2006-11-17 02:37 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-17 02:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2006-11-17 02:28 75,264 --a------ C:\WINDOWS\system32\MACDec.dll
2006-11-17 02:28 679,936 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-17 02:28 45,568 --a------ C:\WINDOWS\system32\huffyuv.dll
2006-11-17 02:28 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
2006-11-17 02:28 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-11-17 02:28 421,888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32f.dll
2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32.dll
2006-11-17 02:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-17 02:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-11-17 02:28 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2006-11-17 02:28 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2006-11-17 02:28 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2006-11-17 02:28 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2006-11-17 02:28 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-11-17 02:28 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2006-11-17 02:28 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-17 02:28 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2006-11-17 02:28 1,824,768 --a------ C:\WINDOWS\system32\divx.dll
2006-11-17 02:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-11-17 02:28 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2006-11-17 02:28 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
2006-11-17 02:26 <KANSIO> d-------- C:\klm codec
2006-11-17 02:18 <KANSIO> d--hs---- C:\WINDOWS\Installer
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\SendTo
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Recent
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data\.
2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Suosikit
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Omat tiedostot
2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\K?ynnist?-valikko
2006-11-17 02:17 <KANSIO> d--h----- C:\Program Files\Uninstall Information
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Verkkoymp?rist?
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Tulostinymp?rist?
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Mallit
2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Local Settings
2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Cookies
2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Application Data\Microsoft
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Ty?p?yt?
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Identities
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\..
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\..
2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\.
2006-11-17 02:15 <KANSIO> d--hs---- C:\System Volume Information
2006-11-17 02:10 0 -rahs---- C:\MSDOS.SYS
2006-11-17 02:10 0 -rahs---- C:\IO.SYS
2006-11-17 02:10 0 --a------ C:\CONFIG.SYS
2006-11-17 02:10 0 --a------ C:\AUTOEXEC.BAT
2006-11-17 02:10 <KANSIO> d-------- C:\WINDOWS\system32\xircom
2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\xerox
2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\microsoft frontpage
2006-11-17 02:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-17 02:08 <KANSIO> dr------- C:\WINDOWS\Offline Web Pages
2006-11-17 02:08 <KANSIO> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-17 02:08 <KANSIO> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-17 02:07 <KANSIO> d-------- C:\WINDOWS\system32\DirectX
2006-11-17 02:06 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-17 02:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-17 02:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-17 02:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-17 02:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-17 02:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-17 02:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-17 02:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-17 02:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-17 02:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-17 02:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-17 02:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-17 02:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-17 02:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-17 02:06 276,480 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-17 02:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-17 02:06 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-17 02:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-17 02:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-17 02:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-17 02:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-17 02:06 <KANSIO> d---s---- C:\WINDOWS\Tasks
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Restore
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\srchasst
2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\PCHealth
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Outlook Express
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\NetMeeting
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Movie Maker
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Internet Explorer
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\System
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\Services
2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
2006-11-17 02:05 <KANSIO> d-------- C:\WINDOWS\Registration
2006-11-17 02:05 <KANSIO> d-------- C:\Program Files\ComPlus Applications
2006-11-17 02:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-17 02:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-17 02:04 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-17 02:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-17 02:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-17 02:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-17 02:04 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-17 02:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-17 02:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-17 02:04 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-17 02:04 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Windows Media Player
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Online Services
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Messenger
2006-11-17 02:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-17 02:03 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-17 02:03 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-17 02:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-17 02:03 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-17 02:03 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-17 02:03 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-17 02:03 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-17 02:03 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-17 02:03 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-17 02:03 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-17 02:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-17 02:03 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-17 02:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-17 02:03 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-17 02:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-17 02:03 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-17 02:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-17 02:03 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-17 02:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-17 02:03 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-17 02:03 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-17 02:03 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-17 02:03 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-17 02:03 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-17 02:03 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-17 02:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-17 02:03 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-17 02:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-17 02:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-17 02:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-17 02:03 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-17 02:03 21,504 --a------ C:\WINDOWS\system32\msg.exe
2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-17 02:03 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-17 02:03 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-17 02:03 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-17 02:03 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-17 02:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-17 02:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-17 02:03 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-17 02:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-17 02:03 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-17 02:03 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-17 02:03 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-17 02:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-17 02:03 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-17 02:03 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-17 02:03 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-17 02:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-17 02:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-17 02:03 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-17 02:03 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-17 02:03 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-17 02:03 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-17 02:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-17 02:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\Com
2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\Windows NT
2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\MSN
2006-11-17 01:58 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-17 01:58 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-11-17 01:58 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-17 01:58 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-17 01:58 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-17 01:58 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-11-17 01:58 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-11-17 01:58 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-17 01:58 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-17 01:58 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-17 01:57 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-17 01:57 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-17 01:57 33,599 --a------ C:\WINDOWS\system32\drivers\wATV04nt.sys
2006-11-17 01:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-17 01:57 29,311 --a------ C:\WINDOWS\system32\drivers\wATV01nt.sys
2006-11-17 01:57 23,615 --a------ C:\WINDOWS\system32\drivers\wCh7xxNT.sys
2006-11-17 01:57 19,551 --a------ C:\WINDOWS\system32\drivers\wATV02NT.sys
2006-11-17 01:57 19,455 --a------ C:\WINDOWS\system32\drivers\wVchNTxx.sys
2006-11-17 01:57 12,415 --a------ C:\WINDOWS\system32\drivers\wADV01nt.sys
2006-11-17 01:57 12,127 --a------ C:\WINDOWS\system32\drivers\wADV02NT.sys
2006-11-17 01:57 12,063 --a------ C:\WINDOWS\system32\drivers\wSiINTxx.sys
2006-11-17 01:57 11,775 --a------ C:\WINDOWS\system32\drivers\wADV05NT.sys
2006-11-17 01:56 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2006-11-17 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-17 01:56 702,845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
2006-11-17 01:56 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-17 01:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-17 01:56 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-11-17 01:56 161,020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
2006-11-17 01:56 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-17 01:56 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-17 01:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-17 01:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-17 01:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-17 01:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-17 01:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-17 01:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-17 01:54 74,240 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-17 01:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-17 01:54 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-17 01:54 69,632 --a------ C:\WINDOWS\notepad.exe
2006-11-17 01:54 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-17 01:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-17 01:54 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-17 01:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-17 01:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-17 01:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-17 01:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-17 01:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-17 01:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-17 01:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-17 01:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-17 01:54 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-17 01:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\Common Files\..
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\.
2006-11-17 01:54 <KANSIO> dr------- C:\Program Files
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\.
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files
2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\..
2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\K?ynnist?-valikko
2006-11-17 01:53 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
2006-11-17 01:53 <KANSIO> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Ty?p?yt?
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\..
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\.
2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings
2006-11-17 01:46 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\WinSxS
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\twain_32
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Temp
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\usmt
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\oobe
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\npp
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\mui
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\IME
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\icsxml
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\ias
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\export
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3076
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\2052
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1054
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1042
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1041
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1037
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1035
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1033
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1031
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1028
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1025
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\security
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Resources
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\mui
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\msapps
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\ime
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Driver Cache
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Debug
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Connection Wizard
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\AppPatch
2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\addins
2006-11-17 01:45 <KANSIO> dr--s---- C:\WINDOWS\Fonts
2006-11-17 01:45 <KANSIO> dr------- C:\WINDOWS\Web
2006-11-17 01:45 <KANSIO> d--h----- C:\WINDOWS\inf
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wins
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wbem
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\spool
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\Setup
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ras
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\dhcp
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\config
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\repair
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\msagent
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Media
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\java
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Help
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Cursors
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Config
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\..
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\.
2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ HijackThis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061123-190502-379
O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)
Completion time: 06-11-23 19:18:16.54
C:\ComboFix.txt ... 06-11-23 19:18










HjT log



Logfile of HijackThis v1.99.1
Scan saved at 19:20:22, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50DD71F9-1282-4934-8996-193079D5ED0E} - C:\WINDOWS\system32\awtsq.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Hujo
Suspended permanently
23 November 2006 @ 14:51
From here, then: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Click Start and click Yes - it is normal to cause a blue screen of death if it removes the Virtumundo trojan. Simply turn off your computer by holding down the power button for 10 seconds or hitting the reset button.

Can a computer ever work?

This message has been edited since posting. Last edited 23 November 2006 @ 14:52

mikrosiru
Junior Member

1 product review
23 November 2006 @ 14:58
[11/23/2006, 19:56:58] - VirtumundoBeGone v1.5 ( "C:\virtumundobegone\VirtumundoBeGone.exe" )
[11/23/2006, 19:57:08] - Detected System Information:
[11/23/2006, 19:57:08] - Windows Version: 5.1.2600, Service Pack 2
[11/23/2006, 19:57:09] - Current Username: Mikko (Admin)
[11/23/2006, 19:57:09] - Windows is in NORMAL mode.
[11/23/2006, 19:57:09] - Searching for Browser Helper Objects:
[11/23/2006, 19:57:09] - BHO 1: {013A653B-49A6-4f76-8B68-E4875EA6BA54} ()
[11/23/2006, 19:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/23/2006, 19:57:10] - Checking for HKLM\...\Winlogon\Notify\bprltfat
[11/23/2006, 19:57:10] - Key not found: HKLM\...\Winlogon\Notify\bprltfat, continuing.
[11/23/2006, 19:57:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/23/2006, 19:57:10] - BHO 3: {50DD71F9-1282-4934-8996-193079D5ED0E} ()
[11/23/2006, 19:57:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/23/2006, 19:57:11] - Checking for HKLM\...\Winlogon\Notify\awtsq
[11/23/2006, 19:57:11] - Key not found: HKLM\...\Winlogon\Notify\awtsq, continuing.
[11/23/2006, 19:57:11] - Finished Searching Browser Helper Objects
[11/23/2006, 19:57:12] - Finishing up...
[11/23/2006, 19:57:12] - Nothing found! Exiting...
Hujo
Suspended permanently
23 November 2006 @ 15:05
Scan and fix:

O2 - BHO: (no name) - {50DD71F9-1282-4934-8996-193079D5ED0E} - C:\WINDOWS\system32\awtsq.dll (file missing)

Can a computer ever work?
mikrosiru
Junior Member

1 product review
23 November 2006 @ 15:06
with which program?
mikrosiru
Junior Member

1 product review
23 November 2006 @ 15:09
Logfile of HijackThis v1.99.1
Scan saved at 20:08:50, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\explorer.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
mikrosiru
Junior Member

1 product review
23 November 2006 @ 15:18
should it be in perfect shape now?
AfterDawn Addict
23 November 2006 @ 15:27
Fix this one:

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll

Delete if found:

C:\WINDOWS\system32\bprltfat.dll

Restart and post a new HjT log.

No HjT logs or the like by private message!
mikrosiru
Junior Member

1 product review
25 November 2006 @ 15:20
Logfile of HijackThis v1.99.1
Scan saved at 20:19:25, on 25.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
mikrosiru
Junior Member

1 product review
7 December 2006 @ 15:11
thanks a lot for the advice, it was really a great help.
Hujo
Suspended permanently
7 December 2006 @ 15:20
The log looks clean to my eye.

Can a computer ever work?
This thread is closed. New messages cannot be posted.