HJT log to be checked. Messenger is sending some link.
Hoki
Junior Member
24 August 2008 @ 12:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:41, on 24.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "F:\Program Files\BitComet22\BitComet.exe" /tray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] F:\Program Files\DAEMON Tools Pro\DTProAgent.exe -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1203679456625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19783C5D-30CF-464E-B723-878175746807}: NameServer = 212.116.32.218 212.116.32.222
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9571 bytes

Hoki
Hoki
Junior Member
26 August 2008 @ 14:16
.

Hoki
Hujo
Suspended permanently
26 August 2008 @ 14:46
Scan with HJT, tick the following, and press Fix checked:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

=============

1. Download combofix.exe to your desktop from one of the links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure that the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure that everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.

============

Download CCleaner here
CCleaner v2.05.555 - Standard Build, DO NOT install the Yahoo toolbar!
During installation, uncheck the "install Yahoo! toolbar" option.
After installation, open CCleaner.
Select Options from the left-hand column.
Select Settings from the adjacent column.
Under Language, select Suomi.

Cleaner (Puhdistaja)
Select Puhdistaja (Cleaner) from the left-hand column.
Press Tutki (Analyze) at the bottom.
CCleaner now analyzes what can be removed (temp files, cookies, etc.).
When the analysis is finished, press Aja CCleaner (Run Cleaner).
CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Rekisteri (Registry) from the left-hand column.
Press Etsi rekisterin virheitä (Scan for Issues) at the bottom.
When the search is finished and you are sure you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected issues).
You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
In the new window that opens, click Korjaa kaikki valitut virheet (Fix All Selected Issues).
You will get one more confirmation prompt; press Ok.
When the errors have been fixed, press Sulje (Close).
You can now close CCleaner by pressing the red X at the top right.


Can a computer ever work?
Hoki
Junior Member
26 August 2008 @ 16:57
ComboFix 08-08-25.01 - Mika 2008-08-26 16:48:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.498 [GMT 3:00]
Running from: C:\Documents and Settings\Mika\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marjut\Cookies\marjut@turvapc[1].txt
C:\Documents and Settings\Marjut\Cookies\marjut@www.teloos[1].txt
C:\Documents and Settings\Mika\Application Data\inst.exe
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\#SharedObjects\Y9ABA9HW\bin.clearspring.com
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\#SharedObjects\Y9ABA9HW\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\#SharedObjects\Y9ABA9HW\interclick.com
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\#SharedObjects\Y9ABA9HW\interclick.com\ud.sol
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mika\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mika\Cookies\mika@2o7[1].txt
C:\Documents and Settings\Mika\Cookies\mika@a.amd[1].txt
C:\Documents and Settings\Mika\Cookies\mika@ad.yieldmanager[3].txt
C:\Documents and Settings\Mika\Cookies\mika@advertising[1].txt
C:\Documents and Settings\Mika\Cookies\mika@clicktorrent[2].txt
C:\Documents and Settings\Mika\Cookies\mika@ehg-discoverynetwork.hitbox[2].txt
C:\Documents and Settings\Mika\Cookies\mika@ehg-theactivenetwork.hitbox[2].txt
C:\Documents and Settings\Mika\Cookies\mika@indextools[2].txt
C:\Documents and Settings\Mika\Cookies\mika@ra01.relev-ant[1].txt
C:\Documents and Settings\Mika\Cookies\mika@revsci[2].txt
C:\Documents and Settings\Mika\Cookies\mika@specificclick[1].txt
C:\Documents and Settings\Mika\Cookies\mika@statcounter[1].txt
C:\Documents and Settings\Mika\Cookies\mika@tradedoubler[1].txt
C:\Documents and Settings\Mika\Cookies\mika@turvapc[3].txt
C:\WINDOWS\BMc32fa0a7.txt

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-26 to 2008-08-26 )))))))))))))))))
.

2008-08-26 13:20 . 2008-08-26 13:20 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-08-23 19:17 . 2008-08-23 19:19 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-08-23 11:24 . 2008-08-23 11:24 <KANSIO> d-------- C:\WINDOWS\Logs
2008-08-23 11:16 . 2008-08-23 11:16 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
2008-08-19 21:19 . 2008-08-19 21:19 <KANSIO> d-------- C:\Documents and Settings\Mika\Application Data\DAEMON Tools
2008-08-19 15:25 . 2008-08-19 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 15:05 . 2008-08-19 15:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-08-19 15:03 . 2008-08-19 15:09 <KANSIO> d-------- C:\Documents and Settings\Mika\Application Data\DAEMON Tools Pro
2008-08-17 11:34 . 2008-08-17 11:34 <KANSIO> d-------- C:\Documents and Settings\Esa\Application Data\Nero
2008-08-14 19:49 . 2008-08-14 19:49 <KANSIO> d-------- C:\Documents and Settings\Marjut\Application Data\Nero
2008-08-14 09:53 . 2008-08-14 09:55 <KANSIO> d-------- C:\Program Files\Ahead
2008-08-14 09:11 . 2008-08-14 09:11 <KANSIO> d-------- C:\Program Files\Nero
2008-08-11 10:54 . 2008-08-11 10:54 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-08-09 20:50 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-09 20:50 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-09 20:49 . 2008-08-09 20:49 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-09 13:52 . 2008-08-17 12:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-09 13:49 . 2008-08-09 13:49 <KANSIO> d-------- C:\Program Files\NeroInstall.bak
2008-08-09 13:47 . 2008-08-09 13:47 <KANSIO> d-------- C:\Documents and Settings\Mika\Application Data\Nero
2008-08-09 13:40 . 2008-08-14 09:13 <KANSIO> d-------- C:\Program Files\Common Files\Nero
2008-08-09 13:40 . 2008-08-14 09:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 13:47 --------- d-----w C:\Documents and Settings\Mika\Application Data\uTorrent
2008-08-24 11:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-23 07:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 13:42 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-19 12:03 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-09 17:42 --------- d-----w C:\Program Files\Google
2008-07-31 07:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 07:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 07:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 11:56 --------- d-----w C:\Documents and Settings\Mika\Application Data\FLVPlayer4Free
2008-07-15 08:27 --------- d-----w C:\Program Files\Java
2008-07-12 05:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 05:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 05:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 19:41 --------- d-----w C:\Program Files\Real
2008-07-03 19:41 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-03 19:41 --------- d-----w C:\Program Files\Common Files\Real
2008-06-28 12:09 --------- d-----w C:\Documents and Settings\Mika\Application Data\Ludia
2008-06-28 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 13:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 11:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 11:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-30 11:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 11:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 11:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 11:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 11:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 11:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 11:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-04-19 20:12 47,360 ----a-w C:\Documents and Settings\Mika\Application Data\pcouffin.sys
.

------- Sigcheck -------

2005-03-02 21:13 2181888 6e55b15ee58a0eaaaf20db1f4da39add C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 19:08 2184448 28bafa06aab6df709178b64c16d60c59 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 15:00 2183296 2a8e38e78177bf83c73897511a4eecd0 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 19:02 2182656 df1817bd30438861c183a5427d8fb837 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 19:02 2182656 df1817bd30438861c183a5427d8fb837 C:\WINDOWS\SoftwareDistribution\Download\a1ea65155c8af8d6d56ddb22f7ad86fb\sp2gdr\ntoskrnl.exe
2007-02-28 19:08 2184448 28bafa06aab6df709178b64c16d60c59 C:\WINDOWS\SoftwareDistribution\Download\a1ea65155c8af8d6d56ddb22f7ad86fb\sp2qfe\ntoskrnl.exe
2005-03-02 21:08 2181632 ae8d156d1028fba3939609f4c39eb1f1 C:\WINDOWS\SoftwareDistribution\Download\c9d8cb87b5c72f2be951392f33cdf994\sp2gdr\ntoskrnl.exe
2005-03-02 21:13 2181888 6e55b15ee58a0eaaaf20db1f4da39add C:\WINDOWS\SoftwareDistribution\Download\c9d8cb87b5c72f2be951392f33cdf994\sp2qfe\ntoskrnl.exe
2007-02-28 19:02 2182656 df1817bd30438861c183a5427d8fb837 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 19:02 2182656 df1817bd30438861c183a5427d8fb837 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-16_10.42.52,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-14 18:05:39 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-14 17:34:47 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-14 17:40:21 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:19:02 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:19:03 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:19:03 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2006-08-16 12:14:20 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:17 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:17 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:56 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:56 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:04 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:04 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:25 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:25 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-04-14 15:52:59 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:19:02 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:19:03 392,056 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2006-03-02 12:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:38:03 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2006-03-02 12:00:00 246,784 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:27 232,824 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:25 392,056 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
- 2008-05-01 11:18:01 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-08-23 08:21:22 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-05-01 11:18:01 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-08-23 08:21:22 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-05-01 11:18:01 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-08-23 08:21:23 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-05-01 11:17:57 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:16 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:57 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:17 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:58 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:18 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:58 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:18 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:58 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:19 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:59 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:20 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:59 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:20 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:17:59 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:18:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:21 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:18:02 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-23 08:21:23 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-01 11:18:02 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-08-23 08:21:23 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-05-01 11:18:02 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-08-23 08:21:24 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-05-01 11:18:02 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-08-23 08:21:24 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-05-01 11:18:03 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-08-23 08:21:24 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-05-01 11:18:01 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-23 08:21:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-14 15:52:59 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-14 17:59:49 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-04-23 04:16:41 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:42 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:42 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:42 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:42 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:42 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:42 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:42 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:42 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:42 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:42 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:42 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:42 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:42 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:42 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-23 19:16:44 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:42 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:42 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:42 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:42 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:42 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:42 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:43 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:43 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:43 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2008-08-11 07:54:18 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2000-08-31 05:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 05:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2008-08-06 13:22:02 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-08-06 13:30:48 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\swdir.dll
+ 2008-08-06 13:31:08 67,000 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDnld.exe
+ 2008-08-06 13:22:42 499,712 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-08-06 12:45:40 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-08-06 13:22:44 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-08-06 12:35:52 706,048 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-08-06 12:35:52 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-08-06 12:35:52 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-08-06 12:42:04 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-08-06 12:35:52 54,656 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\pccuapi.dll
+ 2008-08-06 13:21:14 266,240 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-08-06 13:24:14 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-08-06 13:30:30 447,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100465.exe
+ 2008-08-06 13:24:56 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-08-06 13:21:04 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-08-06 12:35:52 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 07:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-04-23 04:16:41 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:29:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 1999-12-20 10:16:40 15,360 ----a-w C:\WINDOWS\system32\asfsipc.dll
+ 2008-03-05 12:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
+ 2008-02-05 20:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
+ 2008-03-05 12:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
- 2008-04-23 04:16:41 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:29:13 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-03-02 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-04-14 15:52:59 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-14 17:59:49 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-02-20 05:38:03 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:09 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-04-23 04:16:42 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:29:13 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:42 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:29:13 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:40:30 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:56 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-23 04:16:42 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:29:13 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:29:13 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:21:15 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:29:13 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:29:13 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:29:13 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:29:13 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:29:14 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:42 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:29:14 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:42 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:29:14 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:21:31 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:17:25 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:34 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:42 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:29:15 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-03-02 12:00:00 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:32:24 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:52 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:58 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:42 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:29:15 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:42 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:29:15 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 19:16:44 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 07:29:16 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:42 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:29:15 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:42 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:29:15 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:42 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:29:15 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-03-02 12:00:00 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:09 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2008-04-23 04:16:42 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:29:15 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:42 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:29:15 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-04-23 04:16:42 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:29:16 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:43 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:29:16 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-03 19:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys
- 2008-04-23 04:16:43 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:29:16 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:43 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:29:16 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:38:03 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:09 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2006-03-02 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-04-14 15:52:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-14 17:59:49 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-08 06:37:46 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2008-06-08 06:37:56 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2008-06-10 16:02:40 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
+ 2008-06-10 16:02:44 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2004-08-03 19:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
- 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:29:13 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:42 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:29:13 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:42 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:29:13 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:29:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:41:08 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:21:15 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:29:13 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:29:13 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:29:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:29:13 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:29:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:42 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:29:14 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:42 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:29:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2000-09-21 16:02:28 507,904 ----a-w C:\WINDOWS\system32\imagr5.dll
+ 2000-09-27 15:15:06 532,480 ----a-w C:\WINDOWS\system32\imagx5.dll
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2000-09-21 11:53:00 275,312 ----a-w C:\WINDOWS\system32\ImagXpr5.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
- 2007-08-21 06:17:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:34 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2006-12-19 07:30:26 81,920 ----a-w C:\WINDOWS\system32\IoctlSvc.exe
- 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 22:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 22:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 23:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-23 04:16:42 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:29:15 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2007-10-11 12:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 15:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2007-05-02 10:32:04 182,512 ----a-w C:\WINDOWS\system32\Macromed\Director\swdir_bckup.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-05-17 05:12:20 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-19 16:26:18 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-04-30 15:11:28 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 20:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 20:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2007-04-30 14:30:38 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 20:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 20:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2007-04-30 15:11:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-14 20:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-04-30 15:11:24 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-14 20:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-04-30 15:11:30 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-14 20:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2007-04-30 14:33:00 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-14 20:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 08:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2007-04-30 14:33:00 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-14 20:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:42 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:29:15 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:42 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:29:15 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 07:29:16 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:42 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:29:15 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:42 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:29:15 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:42 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:29:15 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2007-05-08 12:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 13:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2001-07-09 10:50:42 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
+ 1999-12-20 10:16:40 8,704 ----a-w C:\WINDOWS\system32\npwmsdrm.dll
- 2008-04-23 04:16:42 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:29:15 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2000-09-21 06:47:10 35,328 ----a-w C:\WINDOWS\system32\picn20.dll
- 1998-03-08 16:28:54 273,408 ----a-w C:\WINDOWS\system32\Pncrt.dll
+ 2008-07-03 19:41:28 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-07-03 19:41:29 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-07-03 19:41:30 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:29:15 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2001-10-05 13:31:36 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll
+ 2004-09-14 13:11:56 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll
+ 2008-07-03 19:41:34 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:27 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2000-06-26 09:45:30 106,496 ----a-w C:\WINDOWS\system32\TwnLib20.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:29:16 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:43 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:29:16 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:43 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:29:16 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-05 13:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
+ 2008-03-05 13:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
+ 2008-03-05 13:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2008-08-09 11:04:43 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2007-05-08 12:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2008-08-09 11:04:43 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2006-12-01 19:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 19:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 19:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 19:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 21:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 21:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 21:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 21:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 21:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 21:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 21:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 21:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 21:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"DAEMON Tools Pro Agent"="F:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2008-07-30 14:54 200136]
"DAEMON Tools Lite"="F:\Program Files\DAEMON Tools\daemon.exe" [2008-08-08 15:11 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:00 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-20 17:43 100056]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [2008-01-16 01:54 37376]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 13:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"F:\\Ohjelmat\\utorrent.exe"=
"C:\\Downloads\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Mika\\Työpöytä\\utorrent.exe"=
"F:\\Pro Evolution Soccer 2008\\PES2008.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22012:TCP"= 22012:TCP:BitComet 22012 TCP
"22012:UDP"= 22012:UDP:BitComet 22012 UDP
"23653:TCP"= 23653:TCP:BitComet 23653 TCP
"23653:UDP"= 23653:UDP:BitComet 23653 UDP
"20153:TCP"= 20153:TCP:BitComet 20153 TCP
"20153:UDP"= 20153:UDP:BitComet 20153 UDP

R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:58]
S3 zlportio;zlportio;F:\Pelit\Ultrastar\UltraStar Deluxe\zlportio.sys []
.
'Ajoitetut tehtävät'-kansion sisältö

2008-08-22 C:\WINDOWS\Tasks\Norton AntiVirus - Tarkista tietokone - Mika.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-28 15:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - F:\Program Files\BitComet22\BitComet.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.iltasanomat.fi/
O17 -: HKLM\CCS\Interface\{19783C5D-30CF-464E-B723-878175746807}: NameServer = 212.116.32.218 212.116.32.222
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 16:52:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-08-26 16:53:18
ComboFix-quarantined-files.txt 2008-08-26 13:53:15
ComboFix2.txt 2008-06-16 07:43:04
ComboFix3.txt 2008-06-05 17:57:42

Pre-Run: 7,840,624,640 tavua vapaana
Post-Run: 10,358,583,296 tavua vapaana

565 --- E O F --- 2008-08-25 19:37:53


Hoki
Hoki
Junior Member
26 August 2008 @ 17:29
Malwarebytes' Anti-Malware 1.17
Database version: 859

17:35:04 26.8.2008
mbam-log-8-26-2008 (17-35-04).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 116303
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Pelit\Ultrastar\UltraStar Deluxe\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

Hoki
Hoki
Junior Member
26 August 2008 @ 17:36
CCleaner has been run.

Hoki
Hujo
Suspended permanently
26 August 2008 @ 21:30
Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and start up
during startup, tap the F8 key repeatedly
select Safe Mode with the arrow keys
press Enter and then Enter again
select your user account
press Yes

On some machines you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer: "Press any key to Reboot".
- Press any key and the computer will restart.
- Startup takes longer than usual because SDFix is cleaning the machine.
- Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
- Then press any key to close the script and load the shortcuts onto the desktop.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.


Can a computer ever work?
Hoki
Junior Member
27 August 2008 @ 16:57
latest hjt log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:48, on 27.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] F:\Program Files\DAEMON Tools Pro\DTProAgent.exe -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1203679456625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19783C5D-30CF-464E-B723-878175746807}: NameServer = 212.116.32.218 212.116.32.222
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8505 bytes


and then the SDFix report..

SDFix: Version 1.219
Run by Mika on ke 27.08.2008 at 16:27

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Mika\Ty?p?yt?\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 16:39:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:165a6500
"s2"=dword:a5463b33
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:b8,96,90,02,04,00,00,00,00,00,00,00,38,65,39,35,61,30,31,30,61,..
"p0"="F:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:48,99,c1,10,56,d6,85,48,ee,0b,33,4b,6b,e9,02,7c,f4,54,18,41,91,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,b0,28,68,4c,7b,80,e0,5a,20,4a,47,5b,24,f4,e8,34,26,..
"hdf12"=hex:3e,27,b5,9c,5c,53,b4,24,17,6d,de,a7,78,7e,a7,72,92,51,8b,e3,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:a4,1a,23,5a,93,61,63,ae,c5,cf,74,aa,20,6d,f1,72,c4,a2,a0,15,78,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:97,47,ab,0b,bb,29,ac,54,a3,ad,9f,dc,7a,66,98,6e,66,3a,c0,fa,32,..
"p0"="F:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:f0,d2,4e,1c,63,8c,68,4c,06,d5,7c,9f,1f,74,6d,ed,b6,24,a7,89,ad,..
"a0"=hex:20,01,00,00,13,ca,11,4b,79,52,73,98,87,e0,ce,fb,25,5f,9a,82,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:25,bd,3d,04,2f,fd,9c,02,02,13,56,4f,d0,25,cc,17,35,83,ec,fa,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa]
"LsaPid"=dword:00000220
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:0000037a
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Watchdog\Display]
"ShutdownCount"=dword:00000270
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNPA000\4&62aa061d&0]
"Service"="an14528e"
"DeviceDesc"="AN14528E IDE Controller"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\PNPA000\4&62aa061d&1]
"DeviceDesc"="AMY7IT97 IDE Controller"
"Service"="amy7it97"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Epoch]
"Epoch"=dword:00006d83
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPBBCDrv]
"Start"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:b8,96,90,02,04,00,00,00,00,00,00,00,38,65,39,35,61,30,31,30,61,..
"p0"="F:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:48,99,c1,10,56,d6,85,48,ee,0b,33,4b,6b,e9,02,7c,f4,54,18,41,91,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,b0,28,68,4c,7b,80,e0,5a,20,4a,47,5b,24,f4,e8,34,26,..
"hdf12"=hex:3e,27,b5,9c,5c,53,b4,24,17,6d,de,a7,78,7e,a7,72,92,51,8b,e3,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:a4,1a,23,5a,93,61,63,ae,c5,cf,74,aa,20,6d,f1,72,c4,a2,a0,15,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:97,47,ab,0b,bb,29,ac,54,a3,ad,9f,dc,7a,66,98,6e,66,3a,c0,fa,32,..
"p0"="F:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:f0,d2,4e,1c,63,8c,68,4c,06,d5,7c,9f,1f,74,6d,ed,b6,24,a7,89,ad,..
"a0"=hex:20,01,00,00,13,ca,11,4b,79,52,73,98,87,e0,ce,fb,25,5f,9a,82,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:25,bd,3d,04,2f,fd,9c,02,02,13,56,4f,d0,25,cc,17,35,83,ec,fa,04,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C0536EDA-1CB6-43DC-8B96-A238F689CD5C}]
"LeaseObtainedTime"=dword:48b5521c
"T1"=dword:48b5521c
"T2"=dword:48b5521c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{C0536EDA-1CB6-43DC-8B96-A238F689CD5C}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:48b5521c
"T1"=dword:48b5521c
"T2"=dword:48b5521c
[HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood.Tmp]
"INF/oem12.inf"=dword:00000001
"INF/oem12.PNF"=dword:00000001

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Ohjelmat\\utorrent.exe"="F:\\Ohjelmat\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Downloads\\utorrent.exe"="C:\\Downloads\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Mika\\Ty?p?yt?\\utorrent.exe"="C:\\Documents and Settings\\Mika\\Ty?p?yt?\\utorrent.exe:*:Enabled:æTorrent"
"F:\\Pro Evolution Soccer 2008\\PES2008.exe"="F:\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 5 May 2008 43,008 ...H. --- "C:\Documents and Settings\Marjut\Omat tiedostot\~WRL3444.tmp"
Sat 19 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 11 May 2008 94,720 ...H. --- "C:\Documents and Settings\Marjut\Application Data\Microsoft\Word\~WRL1563.tmp"
Sun 11 May 2008 117,248 ...H. --- "C:\Documents and Settings\Marjut\Application Data\Microsoft\Word\~WRL2718.tmp"

Finished!


Hoki
Hujo
Suspended permanently
27 August 2008 @ 17:10
The log is fine.
How is the computer running?

Can a computer ever work?
Hoki
Junior Member
28 August 2008 @ 20:11
Thanks. The computer works fine and Messenger hasn't been sending any links.

Hoki
Hoki
Junior Member
29 August 2008 @ 16:31
Correction. Messenger is still sending some link.

Hoki
Hujo
Suspended permanently
29 August 2008 @ 16:36
What link is it sending?

Can a computer ever work?
Hoki
Junior Member
31 August 2008 @ 18:32
E.g. faocazae.mobi and then some smileys, for example: faocazae.mobi ;)

This message has been edited since posting. Last edit 2 September 2008 @ 17:44

Hujo
Suspended permanently
1 September 2008 @ 13:43
Have you given your Messenger password out somewhere?
Change your password.

Can a computer ever work?
Hoki
Junior Member
2 September 2008 @ 16:14
I haven't. Let's try.

Hoki
Moderator

14 product reviews
2 September 2008 @ 17:45
Let's not post direct links to sites that you suspect came from a virus..

Phenom X4 955BE | HD 5770 | 4GB DDR3 || #afterdawn.com @ QuakeNet
Hoki
Junior Member
3 September 2008 @ 08:32
ok.

Hoki
Hoki
Junior Member
4 September 2008 @ 08:57
I changed the password, and now I haven't heard anything from friends about it having sent any link.

Hoki
Hujo
Suspended permanently
4 September 2008 @ 13:04
So you had fallen for that scam.
You should never give out your password; being asked for it should already raise suspicion of a scam.

Can a computer ever work?