Games and programs freeze
Pistooli
Junior Member
20 August 2008 @ 16:31
So, games freeze when I start playing and it won't go back to the desktop anymore, and some programs do the same thing too. I also have trouble downloading anything from the net because I always get an error.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:49, on 20.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6807 bytes
Hujo
Suspended permanently
20 August 2008 @ 17:33
Uninstall via Add/Remove Programs:

Spybot - Search & Destroy


Delete this folder in Safe Mode:

C:\Program Files\Spybot - Search & Destroy

Scan with HJT, check this entry and press Fix checked:

O20 - AppInit_DLLs:

===============

Java update and cache clearing:

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa is done, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.
4. Install the latest Java update from the following link.

http://java.sun.com/javase/downloads/index.jsp

Scroll down to Java Runtime Environment (JRE) 6 Update 7
Press Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation, press jre-6u4-windows-i586-p.exe

Save the file, for example to the desktop, and install it.

5. Restart the computer after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

(Some Java-based programs may need more disk space.
If you notice the computer being slow after lowering the setting, move the slider higher.)

8. Click the Delete Files button. Make sure both options are checked:
* Applications and Applets
* Trace and Log Files

And press the OK button
Note: This deletes all downloaded applications and applets from the CACHE.

9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically
Select Never check
11. Click Apply
and OK to leave your Java settings window.

===========

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

===============

Download CCleaner from here
CCleaner v2.05.555 - Standard Build, do NOT install the Yahoo toolbar!
During installation, untick "install Yahoo! toolbar".
After installation, open CCleaner.
Select Options from the column on the left.
Select Settings from the adjacent column.
Under Language, select Suomi.

Cleaner (Puhdistaja)
Select Puhdistaja from the column on the left.
Press Tutki (Analyze) at the bottom.
CCleaner now analyzes what can be removed (temp files, cookies, etc.).
When the analysis is finished, press Aja CCleaner (Run Cleaner).
CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Rekisteri (Registry) from the column on the left.
Press Etsi rekisterin virheitä (Scan for Issues) at the bottom.
When the scan is finished and you are sure you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected issues).
You are asked "do you want to back up changes to the registry"; press Kyllä (Yes). Save the backup, for example, to the "My Documents" folder.
In the new window that opens, click Korjaa kaikki valitut virheet (Fix All Selected Issues).
You get one more confirmation prompt; press Ok.
When the errors have been fixed, press Sulje (Close).
You can now close CCleaner by pressing the red cross at the top right.


Can a computer ever work?

This message has been edited since it was posted. Last edited 20 August 2008 @ 17:34

Pistooli
Junior Member
20 August 2008 @ 18:54
JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Aug 15 08:15:53 2008

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\JavaPlugin.150

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150000}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.



JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Aug 15 08:16:48 2008

------------------------------------

Finished reporting.



JavaRa 1.10 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Aug 15 08:17:24 2008

------------------------------------

Finished reporting.



JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 20 17:41:32 2008

Found and removed: C:\Program Files\Java\jre1.5.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.


Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1062
Windows 5.1.2600 Service Pack 3

14:26:10 18.8.2008
mbam-log-08-18-2008 (14-26-10).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 76924
Kulunut aika: 45 minute(s), 9 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

and the old malware log
Malwarebytes' Anti-Malware 1.24
Tietokantaversio: 1054
Windows 5.1.2600 Service Pack 3

8:06:42 15.8.2008
mbam-log-8-15-2008 (08-06-42).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 92510
Kulunut aika: 56 minute(s), 1 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 6

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\LocalService\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\LocalService\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\LocalService\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\LocalService\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\LocalService\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\LocalService\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot.
Pistooli
Junior Member
20 August 2008 @ 19:19
and this computer tries to start two Xfires even though I only have one.
Hujo
Suspended permanently
21 August 2008 @ 00:57
Scan a new HJT log

Can a computer ever work?
Pistooli
Junior Member
21 August 2008 @ 11:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:03, on 21.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5854 bytes
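
Added example (not part of the thread, and not HijackThis's own code): a small Python script that parses two HijackThis logs and reports which entries and processes disappeared or appeared between scans, so the removals requested in the thread can be checked against the follow-up log. The two sample logs are abridged excerpts constructed from the logs posted above; the function and variable names are assumptions of this example.

```python
import re

# A HijackThis item line is "<code> - <entry>", e.g. "O4 - HKLM\..\Run: [x] y".
# The code (R0, O2, O4, O20, O23, ...) names the kind of startup/browser setting.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (processes, items): lower-cased process paths and code -> set of entries."""
    processes, items = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False
            items.setdefault(match.group(1), set()).add(match.group(2))
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, items


def diff_scans(before, after):
    """Compare two parsed scans and return what was removed, added, stopped, started."""
    procs0, items0 = before
    procs1, items1 = after

    def only_in(a, b):
        out = {}
        for code, entries in a.items():
            gone = entries - b.get(code, set())
            if gone:
                out[code] = sorted(gone)
        return out

    return {
        "removed": only_in(items0, items1),
        "added": only_in(items1, items0),
        "stopped": sorted(procs0 - procs1),
        "started": sorted(procs1 - procs0),
    }


def still_present(scan, needle):
    """List processes and entries in a scan that still mention `needle`."""
    procs, items = scan
    n = needle.lower()
    hits = [p for p in sorted(procs) if n in p]
    for code in sorted(items):
        hits += [f"{code} - {e}" for e in sorted(items[code]) if n in e.lower()]
    return hits


# Constructed, abridged excerpts of the first and second scans in this thread.
SCAN_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:49, on 20.8.2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Xfire\xfire.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs:
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

SCAN_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:03, on 21.8.2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(SCAN_BEFORE), parse_hjt(SCAN_AFTER)
    for kind, value in diff_scans(before, after).items():
        print(kind, value)
    print("Spybot leftovers:", still_present(after, "spybot"))
```
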
Hujo
Suspended permanently
22 August 2008 @ 11:02
Uninstall via Add/Remove Programs:

AVG Anti-Spyware 7.5

Delete the folder (Add/Remove Programs):

C:\Program Files\Grisoft

==========

How is the computer working?

Can a computer ever work?
Pistooli
Junior Member
22 August 2008 @ 15:56
Quite well, but it still tries to start Xfire twice and the processes fluctuate.
Hujo
Suspended permanently
22 August 2008 @ 16:12
Scan a new HJT log

Can a computer ever work?
Pistooli
Junior Member
22 August 2008 @ 16:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:42, on 22.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5648 bytes
Hujo
Suspended permanently
22 August 2008 @ 17:18
Scan with HJT, tick the entry below and press Fix checked:

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

Can a computer ever work?
Pistooli
Junior Member
22 August 2008 @ 18:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:22, on 22.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5536 bytes

And now the computer works as it should, thanks for the help.
Pistooli
Junior Member
23 August 2008 @ 10:50
Now one question came up: some svchost.exe is trying to get onto the internet, IP 78.109.18.210, but I haven't allowed it yet.
Pistooli
Junior Member
23 August 2008 @ 12:23
And before this, when the firewall asked whether to allow it, the firewalls crashed right after the prompt, but I got them back. I still haven't allowed that.
Hujo
Suspended permanently
23 August 2008 @ 12:31
Download fixwareout.exe from here > FixWareout.exe
or from here > FixWareout.exe
and save it to your desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is selected. You will need to restart the computer when told to do so.

Post a new HJT log and the contents of c:\fixwareout\report.txt

Can a computer ever work?
Pistooli
Junior Member
23 August 2008 @ 12:41
Username "Omistaja" - 23.08.2008 12:35:08 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"SoundMan"="SOUNDMAN.EXE"
"AtiPTA"="atiptaxx.exe"
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"SVCHOST.EXE"="C:\\WINDOWS\\system32\\drivers\\svchost.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:57, on 23.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6112 bytes
Pistooli
Junior Member
23 August 2008 @ 12:48
That wasn't in the other HijackThis logs before, strange.
Hujo
Suspended permanently
23 August 2008 @ 12:50
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

============

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and start the computer
during startup, tap the F8 key repeatedly
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes

On some machines you tap F5 instead of F8.

• When in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans out the Trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than normal because SDFix is cleaning the machine.
• Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
• Then press any key to close the script and load the shortcuts onto the desktop.
• Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.


Can a computer ever work?
Pistooli
Junior Member
23 August 2008 @ 13:12
ComboFix 08-08-21.02 - Omistaja 2008-08-23 12:54:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.615 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\svchost.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-23 to 2008-08-23 )))))))))))))))))
.

2008-08-23 12:34 . 2008-08-23 12:38 <KANSIO> d-------- C:\fixwareout
2008-08-20 18:45 . 2008-08-20 18:45 <KANSIO> d-------- C:\Program Files\CCleaner
2008-08-20 18:13 . 2008-08-20 18:13 <KANSIO> d-------- C:\Program Files\Sun
2008-08-20 07:31 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-20 07:31 . 2008-06-23 19:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-20 07:31 . 2008-06-23 19:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-20 07:31 . 2008-06-23 19:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-20 07:31 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-20 07:30 . 2008-06-23 19:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-20 07:30 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-20 07:30 . 2008-06-23 19:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-20 07:30 . 2008-06-23 19:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-20 02:03 . 2008-08-20 18:31 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 02:03 . 2008-08-20 17:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 20:21 . 2008-08-19 20:21 <KANSIO> d-------- C:\wally
2008-08-19 18:56 . 2008-08-19 18:56 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Windows Search
2008-08-19 14:39 . 2008-08-19 14:39 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-08-19 14:38 . 2008-08-19 14:38 <KANSIO> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-19 14:38 . 2008-08-19 14:38 <KANSIO> d-------- C:\Program Files\Windows Desktop Search
2008-08-19 14:38 . 2008-08-19 14:38 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Windows Desktop Search
2008-08-19 14:37 . 2008-03-07 20:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-19 14:37 . 2008-03-07 20:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-19 14:37 . 2008-03-07 20:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-19 14:28 . 2008-07-22 17:52 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-19 14:28 . 2008-07-22 17:52 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-19 14:28 . 2008-07-22 17:52 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-18 22:46 . 2008-08-18 22:46 <KANSIO> d-------- C:\Program Files\uTorrent
2008-08-18 22:46 . 2008-08-20 20:17 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\uTorrent
2008-08-18 14:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-18 14:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-18 14:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-18 14:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-18 14:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-18 14:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-18 14:26 . 2008-08-18 14:26 <KANSIO> d-------- C:\Program Files\Sygate
2008-08-18 14:26 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-17 13:06 . 2008-08-17 13:06 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-08-17 09:23 . 2008-08-17 10:32 <KANSIO> d-------- C:\Program Files\Quake III Arena
2008-08-16 20:59 . 2008-08-16 16:15 138,181 --a------ C:\WINDOWS\_detmp.1
2008-08-16 15:50 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe
2008-08-16 15:50 . 2008-08-17 10:32 606 --a------ C:\WINDOWS\QIII.INI
2008-08-16 15:48 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-16 15:45 . 2008-08-16 15:52 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2008-08-16 15:42 . 2008-08-16 15:42 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-16 15:32 . 2008-08-17 10:39 <KANSIO> d-------- C:\Program Files\COMODO
2008-08-16 12:37 . 2008-08-23 00:05 <KANSIO> d-------- C:\Program Files\Google
2008-08-15 08:22 . 2008-08-15 08:22 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-08-15 08:22 . 2008-08-15 08:22 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-15 07:39 . 2008-08-15 07:39 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-08-15 06:47 . 2008-08-18 13:19 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 06:47 . 2008-08-15 06:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-08-15 06:47 . 2008-08-15 06:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 06:47 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 06:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 08:14 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 08:10 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 14:28 . 2008-08-12 14:28 <KANSIO> d-------- C:\Program Files\Xfire Plus
2008-08-12 14:23 . 2008-08-23 00:35 <KANSIO> d-------- C:\Program Files\Xfire
2008-08-12 14:23 . 2008-08-23 12:48 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-08-12 07:22 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-12 07:22 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-12 07:20 . 2008-08-12 07:20 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-11 07:45 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-11 07:45 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-08-11 07:45 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-08-11 07:45 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-08-11 07:45 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-08-11 07:41 . 2008-08-11 07:45 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-11 07:41 . 2008-08-11 07:41 <KANSIO> d-------- C:\WINDOWS\Logs
2008-08-09 21:15 . 2008-08-20 23:28 <KANSIO> d-------- C:\Program Files\SpeedFan
2008-08-09 21:15 . 2008-08-20 23:27 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-08-09 19:22 . 2008-08-15 08:23 <KANSIO> d-------- C:\Program Files\a-squared Free
2008-08-09 18:22 . 2000-05-21 22:00 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-08-09 18:22 . 1998-06-17 00:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-08-09 18:22 . 1998-06-17 00:00 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-08-09 18:22 . 2000-05-21 23:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-08-09 18:22 . 2000-07-15 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-08-09 18:22 . 1999-05-06 16:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-08-09 18:22 . 1998-06-24 00:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-08-09 18:22 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-08-09 18:22 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-08-09 16:08 . 2008-08-11 15:43 <KANSIO> d-------- C:\Program Files\Ray Adams
2008-08-08 20:45 . 2008-08-08 20:45 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Omat tiedostot
2008-08-07 20:12 . 2008-08-07 20:12 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Xfire Plus
2008-08-07 18:43 . 2008-08-07 18:43 <KANSIO> d-------- C:\Program Files\Belarc
2008-08-07 18:43 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-07 16:20 . 2008-08-22 18:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-07 01:03 . 2008-08-07 01:03 <KANSIO> d-------- C:\Program Files\Paint.NET
2008-08-07 00:58 . 2008-08-07 00:58 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Blender Foundation
2008-08-07 00:57 . 2008-08-07 00:57 <KANSIO> d-------- C:\Program Files\Blender Foundation
2008-08-06 03:25 . 2008-08-06 03:25 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-05 21:21 . 2008-08-05 21:24 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 04:16 . 2008-08-03 04:16 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-03 04:08 . 2008-08-03 04:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Media Player Classic
2008-07-31 20:55 . 2008-08-11 18:01 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 23:14 . 2008-07-30 23:14 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-30 23:12 . 2003-07-20 21:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-30 23:12 . 2005-01-04 12:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-30 22:54 . 2008-07-30 22:54 <KANSIO> d-------- C:\WINDOWS\ROSE Online Evolution
2008-07-30 22:54 . 2008-07-30 22:54 <KANSIO> d-------- C:\Program Files\Triggersoft
2008-07-30 21:08 . 2008-07-30 21:08 <KANSIO> d-------- C:\Program Files\CAPCOM
2008-07-30 13:57 . 2008-07-30 13:57 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-30 11:56 . 2008-08-20 14:16 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2008-07-30 11:56 . 2008-08-05 21:23 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-07-30 11:56 . 2008-08-05 21:23 <KANSIO> d-------- C:\WINDOWS\system32\bits
2008-07-30 11:56 . 2008-08-05 21:23 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-07-30 11:45 . 2008-04-13 21:53 264,832 --a------ C:\WINDOWS\system32\drivers\http.sys
2008-07-30 11:45 . 2008-04-13 19:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-07-30 11:45 . 2008-04-13 21:36 79,232 --a------ C:\WINDOWS\system32\drivers\sdbus.sys
2008-07-30 11:45 . 2008-04-14 18:37 41,728 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2008-07-30 11:45 . 2008-04-14 18:45 40,320 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2008-07-30 11:45 . 2008-04-13 21:45 30,208 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-07-30 11:45 . 2008-04-13 21:36 15,488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2008-07-30 11:45 . 2008-04-13 21:56 12,288 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2008-07-30 11:45 . 2008-04-13 21:40 11,904 --a------ C:\WINDOWS\system32\drivers\sffdisk.sys
2008-07-30 11:45 . 2008-04-13 21:40 11,008 --a------ C:\WINDOWS\system32\drivers\sffp_sd.sys
2008-07-30 11:44 . 2008-04-14 19:11 409,088 --a------ C:\WINDOWS\system32\qmgr.dll
2008-07-30 11:44 . 2008-06-14 20:34 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-30 11:44 . 2008-04-13 21:32 129,792 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2008-07-30 11:44 . 2008-04-13 21:53 36,608 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-07-30 11:42 . 2008-08-05 21:14 <KANSIO> d-------- C:\WINDOWS\EHome
2008-07-30 11:42 . 2008-04-14 18:49 2,191,360 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-07-30 11:42 . 2008-04-14 18:49 2,068,224 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-30 11:42 . 2008-04-13 22:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-30 11:42 . 2008-04-13 21:44 81,664 --a------ C:\WINDOWS\system32\drivers\videoprt.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:12 --------- d-----w C:\Program Files\Java
2008-07-23 09:13 --------- d-----w C:\Program Files\Common Files\DirectX
2008-07-23 07:39 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-07-23 06:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-23 06:51 --------- d-----w C:\Program Files\Common Files\Java
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_ 7.05.51.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-19 11:30:07 311,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fi_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2008-08-19 11:30:15 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2008-08-19 11:30:16 135,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2008-08-19 11:30:17 9,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2008-08-19 11:30:11 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll
+ 2008-08-19 11:30:37 8,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2008-08-19 11:30:36 9,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2008-08-19 11:30:35 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fi_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2008-08-19 11:30:18 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fi_b77a5c561934e089\mscorlib.resources.dll
+ 2008-08-19 11:30:28 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fi_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2008-08-19 11:30:19 16,896 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll
+ 2008-08-19 11:30:29 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2008-08-19 11:30:20 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fi_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2008-08-19 11:30:30 323,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fi_b77a5c561934e089\System.Data.resources.dll
+ 2008-08-19 11:30:20 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fi_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2008-08-19 11:30:10 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2008-08-19 11:30:30 524,288 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Design.resources.dll
+ 2008-08-19 11:30:13 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2008-08-19 11:30:12 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll
+ 2008-08-19 11:30:21 6,144 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Drawing.Design.resources.dll
+ 2008-08-19 11:30:32 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Drawing.resources.dll
+ 2008-08-19 11:30:22 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll
+ 2008-08-19 11:30:23 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\system.management.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Management.resources.dll
+ 2008-08-19 11:30:32 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Messaging.resources.dll
+ 2008-08-19 11:30:33 200,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_fi_b77a5c561934e089\system.resources.dll
+ 2008-08-19 11:30:23 19,968 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fi_b77a5c561934e089\System.Runtime.Remoting.resources.dll
+ 2008-08-19 11:30:25 11,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
+ 2008-08-19 11:30:11 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Security.resources.dll
+ 2008-08-19 11:30:25 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
+ 2008-08-19 11:30:26 15,872 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fi_b77a5c561934e089\System.Transactions.resources.dll
+ 2008-08-19 11:30:34 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2008-08-19 11:30:13 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Web.resources.dll
+ 2008-08-19 11:30:14 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Web.Services.resources.dll
+ 2008-08-19 11:30:27 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fi_b77a5c561934e089\System.Windows.Forms.resources.dll
+ 2008-08-19 11:30:15 155,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fi_b77a5c561934e089\System.xml.resources.dll
+ 2008-04-14 16:11:30 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-14 16:11:31 100,864 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-12-21 09:14:24 28,672 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-14 16:11:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-14 16:11:34 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-14 16:11:34 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-14 16:11:35 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-14 16:12:14 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-14 16:11:36 143,360 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-14 16:11:36 218,112 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-09-15 12:00:00 225,280 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2008-04-14 16:11:36 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-14 16:12:15 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-14 16:11:36 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-14 16:11:36 48,640 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-14 16:11:36 62,976 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-14 16:12:15 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-14 16:11:36 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-14 16:11:36 96,256 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-14 16:11:37 15,872 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-14 16:11:38 22,016 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-14 16:12:19 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-06-23 15:10:15 3,088,384 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-14 16:11:39 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-14 15:39:01 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-09-15 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-04-14 16:11:42 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-14 16:11:42 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-14 16:11:45 96,768 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-04-14 16:11:45 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-10-04 06:51:52 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-10-04 06:49:32 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 14:43:26 214,752 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 14:43:26 380,640 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2008-04-14 16:11:55 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2008-06-26 08:14:07 619,008 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-14 16:11:56 278,016 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-14 16:11:55 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2008-06-23 15:10:15 666,112 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-13 15:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2007-08-13 15:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2007-08-13 15:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2007-08-13 15:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2007-08-13 15:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2007-08-13 15:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2007-08-13 15:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2007-08-13 15:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2007-08-13 14:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2007-02-12 13:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
+ 2007-07-11 09:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2007-08-13 15:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2007-08-13 15:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2007-08-13 15:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2007-08-13 15:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2007-08-13 15:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2007-08-13 15:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2007-08-13 15:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2007-08-13 15:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2007-08-13 15:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2007-08-13 15:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2007-08-13 15:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2007-08-13 15:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2007-08-13 15:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2007-08-13 15:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2007-08-13 15:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2007-08-13 15:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2007-08-13 15:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2007-08-13 15:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2007-08-13 15:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-08-07 14:31:01 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
+ 2008-08-18 11:26:51 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
+ 2005-12-20 15:11:36 20,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1035\alinkui.dll
+ 2005-12-20 15:11:38 146,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1035\cscompui.dll
+ 2005-12-20 15:11:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1035\CvtResUI.dll
+ 2005-12-20 15:11:44 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1035\vbc7ui.dll
+ 2005-12-20 15:11:34 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1035\Vsavb7rtUI.dll
+ 2005-12-20 15:11:34 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\aspnet_compiler.resources.dll
+ 2005-12-20 15:11:34 74,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\aspnet_rc.dll
+ 2005-12-20 15:11:34 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\aspnet_regbrowsers.resources.dll
+ 2005-12-20 15:11:34 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\aspnet_regsql.resources.dll
+ 2005-12-20 15:11:34 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\aspnetmmcext.resources.dll
+ 2005-12-20 15:11:42 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\caspol.resources.dll
+ 2005-12-20 15:11:44 4,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\InstallUtil.resources.dll
+ 2005-12-20 15:11:40 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\JSC.resources.dll
+ 2005-12-20 15:11:44 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Microsoft.Build.Engine.resources.dll
+ 2005-12-20 15:11:44 135,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Microsoft.Build.Tasks.resources.dll
+ 2005-12-20 15:11:44 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Microsoft.Build.Utilities.Resources.dll
+ 2005-12-20 15:11:40 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Microsoft.JScript.resources.dll
+ 2005-12-20 15:11:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Microsoft.VisualBasic.resources.dll
+ 2005-12-20 15:11:44 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\MSBuild.resources.dll
+ 2005-12-20 15:11:44 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\mscorlib.resources.dll
+ 2005-12-20 15:11:44 374,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\mscorrc.dll
+ 2005-12-20 15:11:44 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\Regasm.Resources.dll
+ 2005-12-20 15:11:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\ShFusRes.dll
+ 2005-12-20 15:11:44 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\sysglobl.resources.dll
+ 2005-12-20 15:11:44 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Configuration.Install.resources.dll
+ 2005-12-20 15:11:44 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Configuration.resources.dll
+ 2005-12-20 15:11:44 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Data.OracleClient.resources.dll
+ 2005-12-20 15:11:44 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Data.resources.dll
+ 2005-12-20 15:11:44 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\system.data.sqlxml.resources.dll
+ 2005-12-20 15:11:38 376,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Deployment.resources.dll
+ 2005-12-20 15:11:44 524,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Design.resources.dll
+ 2005-12-20 15:11:44 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.DirectoryServices.Protocols.resources.dll
+ 2005-12-20 15:11:44 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.DirectoryServices.resources.dll
+ 2005-12-20 15:11:44 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Drawing.Design.resources.dll
+ 2005-12-20 15:11:44 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Drawing.resources.dll
+ 2005-12-20 15:11:44 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.EnterpriseServices.resources.dll
+ 2005-12-20 15:11:44 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Management.resources.dll
+ 2005-12-20 15:11:44 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Messaging.resources.dll
+ 2005-12-20 15:11:44 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\system.resources.dll
+ 2005-12-20 15:11:44 19,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Runtime.Remoting.resources.dll
+ 2005-12-20 15:11:44 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Runtime.Serialization.Formatters.Soap.resources.dll
+ 2005-12-20 15:11:44 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Security.resources.dll
+ 2005-12-20 15:11:44 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.ServiceProcess.resources.dll
+ 2005-12-20 15:11:44 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Transactions.resources.dll
+ 2005-12-20 15:11:44 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Web.Mobile.resources.dll
+ 2005-12-20 15:11:44 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Web.resources.dll
+ 2005-12-20 15:11:44 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Web.Services.resources.dll
+ 2005-12-20 15:11:44 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.Windows.Forms.resources.dll
+ 2005-12-20 15:11:44 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fi\System.xml.resources.dll
+ 2005-12-20 15:11:46 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\FI\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2005-12-20 15:11:46 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\FI\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2005-12-09 07:45:40 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FIN\install.exe
+ 2005-12-09 07:45:40 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FIN\install.res.1035.dll
+ 2005-12-09 09:26:10 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FIN\unicows.dll
+ 2005-12-20 15:11:44 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\040B\mscorsecr.dll
- 2008-04-14 16:11:30 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 15:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-04-14 16:11:31 100,864 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:29:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-07-30 16:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-18 19:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-07-23 07:58:20 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
+ 2008-08-16 12:33:38 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
+ 2007-08-13 15:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-06-23 16:29:13 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-09-23 10:12:54 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-07-30 16:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 19:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-08-13 15:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-12-21 09:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 15:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2008-06-23 16:29:13 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:29:13 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:29:13 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 15:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-06-23 09:21:15 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 16:29:13 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:29:13 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-09-15 12:00:00 225,280 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-23 16:29:13 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 15:44:02 69,120 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 15:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 15:54:10 191,488 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 16:29:14 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 15:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-06-23 09:21:31 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 15:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 15:39:02 92,672 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 16:29:15 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 15:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 15:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-06-23 15:10:15 3,088,384 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 07:29:16 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 16:29:15 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 15:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-09-15 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 15:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-06-23 16:29:15 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:29:15 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:29:15 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:29:15 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-09-23 10:12:54 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 16:29:16 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-26 08:14:07 619,008 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:29:16 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:29:16 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-13 15:54:10 765,952 -c----w C:\WINDOWS\system32\dllcache\VGX.dll
- 2008-06-23 15:10:15 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:29:16 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-07-30 16:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 19:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 16:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 19:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 19:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 16:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 19:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 16:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 19:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 16:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 19:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2008-04-14 16:11:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:29:13 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-14 16:11:34 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:29:13 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-14 16:11:34 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:29:13 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:29:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 05:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2008-04-14 16:12:14 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:21:15 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-14 16:11:36 143,360 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:29:13 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-14 16:11:36 218,112 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:29:13 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2004-09-15 12:00:00 225,280 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-06-23 16:29:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-14 16:11:36 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:29:13 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:29:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-14 16:11:36 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 15:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 16:11:36 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:29:14 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:29:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-14 16:11:36 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 15:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 15:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2008-04-14 16:11:36 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 15:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-04-14 16:11:36 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 15:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-07-23 06:51:21 49,245 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-08-15 05:22:18 139,264 ----a-w C:\WINDOWS\system32\java.exe
- 2008-07-23 06:51:21 49,247 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-08-15 05:22:18 139,264 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-07-23 06:51:21 127,075 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-08-15 05:22:18 143,360 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 16:11:37 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:29:15 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-04-14 16:11:38 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 15:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2008-07-23 11:58:39 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-08-19 20:57:51 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-04-14 16:11:39 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2008-06-23 16:29:15 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:29:15 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 15:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2008-04-14 16:12:19 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 15:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-06-23 15:10:15 3,088,384 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 07:29:16 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 16:11:39 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:29:15 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-14 15:39:01 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 15:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-09-15 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 15:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-14 16:11:42 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:29:15 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-05-26 19:17:44 34,816 ------w C:\WINDOWS\system32\msscb.dll
+ 2008-05-26 19:17:26 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
+ 2008-05-26 19:17:38 11,776 ------w C:\WINDOWS\system32\msshooks.dll
+ 2008-05-26 19:18:34 231,936 ------w C:\WINDOWS\system32\msshsq.dll
+ 2008-05-26 19:17:26 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
+ 2008-05-26 19:18:26 350,208 ------w C:\WINDOWS\system32\mssph.dll
+ 2008-05-26 19:18:56 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
+ 2008-05-26 19:17:28 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
+ 2008-05-26 19:21:26 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
+ 2008-05-26 19:18:42 44,032 ------w C:\WINDOWS\system32\msstrc.dll
- 2008-04-14 16:11:42 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:29:15 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-07-30 16:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-07-18 19:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2005-12-20 15:11:44 6,656 ----a-w C:\WINDOWS\system32\mui\040B\mscorees.dll
- 2007-07-30 16:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-18 19:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
- 2008-04-14 16:11:42 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2006-06-28 14:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 05:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2008-04-14 16:11:45 96,768 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:29:15 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-05-26 19:19:36 273,408 ------w C:\WINDOWS\system32\oeph.dll
+ 2008-05-26 19:19:16 11,264 ------w C:\WINDOWS\system32\oephRes.dll
- 2008-04-14 16:11:45 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2008-03-07 17:02:08 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2008-08-07 12:45:19 75,610 ----a-w C:\WINDOWS\system32\perfc00B.dat
+ 2008-08-19 11:38:12 85,114 ----a-w C:\WINDOWS\system32\perfc00B.dat
- 2008-08-07 12:45:19 375,602 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-08-19 11:38:12 396,372 ----a-w C:\WINDOWS\system32\perfh00B.dat
- 2008-04-14 16:11:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:29:15 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-05-26 19:18:08 71,680 ------w C:\WINDOWS\system32\propdefs.dll
+ 2008-05-26 19:17:48 754,176 ------w C:\WINDOWS\system32\propsys.dll
+ 2008-05-26 19:18:32 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
+ 2008-05-26 19:17:56 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
+ 2008-05-26 19:18:44 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
+ 2008-05-26 19:18:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
+ 2008-07-18 19:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 19:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-11-30 12:39:27 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-05-26 19:17:30 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
+ 2008-05-26 18:59:40 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
+ 2008-05-26 18:59:42 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
+ 2008-05-26 19:21:08 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
+ 2008-05-26 19:19:20 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
+ 2008-05-26 19:19:22 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
+ 2008-05-26 19:19:28 108,032 ------w C:\WINDOWS\system32\UncNE.dll
+ 2008-05-26 19:19:28 131,072 ------w C:\WINDOWS\system32\UncPH.dll
+ 2008-05-26 19:19:26 2,048 ------w C:\WINDOWS\system32\UncRes.dll
- 2008-04-14 16:11:55 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:29:16 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-26 08:14:07 619,008 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:29:16 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 16:11:56 278,016 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:29:16 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 15:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-06-23 15:10:15 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:29:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 19:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 19:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 19:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 16:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 19:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-18 19:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-18 19:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-30 16:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 19:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-05-26 19:18:34 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
+ 2008-08-23 09:57:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat
+ 2008-08-23 09:56:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-07-23 11:01 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 14:24 167368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-23 00:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-08-15 08:22 144792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 17:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 04:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\aki944\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\aki944\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-15 08:22]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fi/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://help.live.com/help.aspx?project=WLInstaller&market=fi-fi&querytype=keyword&query=25607008ilw
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 12:57:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-23 13:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 10:04:27
ComboFix2.txt 2008-08-15 04:06:33

Pre-Run: 105,909,239,808 tavua vapaana
Post-Run: 105,861,918,720 tavua vapaana

604 --- E O F --- 2008-08-20 11:16:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:11, on 23.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5778 bytes

and I'll run that SDFix shortly
Hujo
Suspended permanently
23 August 2008 @ 13:51
Run this one too and post its log.

Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
Post the contents of the report (Notepad) window that pops up to your thread.
It can also be found at C:\rapport.txt

Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "RiskTool"; it is not a virus but a program that stops processes.
A/V programs cannot tell good use from bad use of such programs,
so they may warn the user.



Can a computer ever work?
Pistooli
Junior Member
23 August 2008 @ 14:25
SDFix: Version 1.218
Run by Omistaja on la 23.08.2008 at 13:27

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Omistaja\Työpöytä\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d5,11,4c,4d,d5,ea,46,ab,27,eb,1f,91,9a,25,62,5d,04,b0,5f,d4,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,59,b9,bb,fa,4f,20,08,25,80,be,4e,0b,b9,d8,26,63,..
"khjeh"=hex:6b,a1,49,a6,73,84,7b,ba,1b,01,29,0f,78,5d,a7,e1,7a,f3,dc,0d,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:01,87,1d,0b,94,6b,42,ca,21,90,2b,70,8e,71,b0,d7,04,40,4e,04,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:d5,11,4c,4d,d5,ea,46,ab,27,eb,1f,91,9a,25,62,5d,04,b0,5f,d4,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,59,b9,bb,fa,4f,20,08,25,80,be,4e,0b,b9,d8,26,63,..
"khjeh"=hex:6b,a1,49,a6,73,84,7b,ba,1b,01,29,0f,78,5d,a7,e1,7a,f3,dc,0d,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:01,87,1d,0b,94,6b,42,ca,21,90,2b,70,8e,71,b0,d7,04,40,4e,04,3f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004c
"TracesSuccessful"=dword:00000016

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Steam\\steamapps\\aki944\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\aki944\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\aki944\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\aki944\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"="C:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe:*:Enabled:TmForever"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 23 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\91671d33fbb0a8b5168be907aaf53cb2\BIT6.tmp"

Finished!
Pistooli
Junior Member
23 August 2008 @ 14:34
SmitFraudFix v2.339

Scan done at 14:29:30,35, la 23.08.2008
Run from C:\Documents and Settings\Omistaja\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3BE4217-A63B-46CD-A8EE-F5414DC14BD4}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3BE4217-A63B-46CD-A8EE-F5414DC14BD4}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Pistooli
Junior Member
23 August 2008 @ 14:38
The computer pulled the same trick again as before, so off I go to download Avast! again.
Hujo
Suspended permanently
23 August 2008 @ 14:42
Download OTMoveIt and save it to your desktop.

Double-click OTMoveIt.exe.
Click CleanUp!.
Select Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, select Yes. OTMoveIt deletes itself when it is done; if it does not, delete it yourself.

NOTE: If your firewall or another security program warns that OTMoveIt is trying to access the internet, allow it.

===============

And it won't connect to the internet anymore, is that it?

Can a computer ever work?

This message has been edited since posting. Last edit 23 August 2008 @ 14:43

Pistooli
Junior Member
23 August 2008 @ 14:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:28, on 23.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.live.com/help.aspx?project=W...ery=25607008ilw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5898 bytes