|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Tietokoneessani on viruksia - kuinka poistan ne?
|
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 01:13 |
Linkki tähän viestiin
|
Avasin jo aiemmin viestiketjun kun halusin jonkun tarkistavan HJT logini. No löysin siinä välissä itse jo koneelta viruksen tai viruksia. Minulla on 3 päällä olevaa prosessia (b.exe, csrss.exe ja atieclxx.exe) Eli kuinka poistan nämä virukset? Olkaa niin kilttejä ja neuvokaa tarkasti, koska olen aivan aloittelija näissä asioissa. kiitos jo etukäteen.
|
Senior Member
15 tuotearviota
|
21. kesäkuuta 2009 @ 01:43 |
Linkki tähän viestiin
|
|
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 02:44 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:36:45, on 21.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Users\TUOMAS~1\AppData\Local\Temp\b.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Cognac] C:\Users\TUOMAS~1\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-912600381-1854815515-268499315-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Muu perhe')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10462 bytes
Kiitos kun kerroit että nuo ovatkin tärketiä ohjemlmia. Joidenkin sivustojen mukaan viruksia. :o? Nyt voin nukkua yön rauhassa. Onko tuo b.exe muuten miten vaarallinen? :/
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 16. heinäkuuta 2009 @ 13:41
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 03:02 |
Linkki tähän viestiin
|
|
Nyt kun olin käytänyt tietokonetta kiinni, niin huomasin että piippaus joka tuli luultavasti jostai viruksesta on loppunut. Mutta palaan asiaan huomenna. toivottavasti tuon login avulla joku voi auttaa poistamaan madon.
E. piippaus alkoi jälleen. :/
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 21. kesäkuuta 2009 @ 03:09
|
Senior Member
15 tuotearviota
|
21. kesäkuuta 2009 @ 18:56 |
Linkki tähän viestiin
|
Jep, jep... Lataa koneellesi mbam.exe. Ja tee tämän ohjeen mukaan ja lähetä se logi tänne. Ja sitten tee vielä viestin perään uusi HJT-logi.
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 19:14 |
Linkki tähän viestiin
|
Tuon tehtyäni ja useita "Trojan fake alert" tiedostoja poistettuani en löydä ainakaan enää b.exeä :)
tässä logit:
Malwarebytes' Anti-Malware 1.38
Tietokantaversio: 2318
Windows 6.0.6001 Service Pack 1
21.6.2009 19:08:29
mbam-log-2009-06-21 (19-08-29).txt
Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 84817
Kulunut aika: 3 minute(s), 3 second(s)
Saastuneita muistiprosesseja: 2
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 8
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 14
Saastuneita muistiprosesseja:
C:\Users\\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -*käyttäjän nimi*> Unloaded process successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Users\*käyttäjän nimi*\AppData\Local\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\1F47.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\1F47.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\99E3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\99E3.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\EEE4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\EEE4.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\F2D9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*käyttäjän nimi*\AppData\Local\Temp\Low\F2D9.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:27, on 21.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\TJH\scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9908 bytes
Löytyykö enää mitään?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 16. heinäkuuta 2009 @ 13:43
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 19:28 |
Linkki tähän viestiin
|
|
Liittyisiköhän tuo nimi "Trojan Fake alert" siihen, että yhtäkkiä alkoi kuulumaan ihmeellistä piipitystä jota helposti luulisi joksikin hälytys ääneksi. Itseasiassa, kun tajusin, että virus oli päässyt koneeseen ja tuo ääni alkoi kuulumaan, luulin sitä F-Securen joksikin varoitusääneksi. Eli olisikohan tuon äänen tarkoitus ärsyttää käyttäjää. Ja välillä aukesi itsekseen IE pop upeja jostain mainoksista. Ja tuli myös wintoosalta ilmoituksia siitä että jokin *****.dll tiedosto on sammunut ja wintoosa etsii ratkaisua tai jotain tämän kaltaista. Nyt kun ajoin tuon ohjelman ja se käski rebootata, niin sen jälkeen ei ole näkynyt sitä b.exe:ä eikä mitään noista oireista ole ilmennyt. Ainakaan toistaiseksi. :)
|
|
Tooumas
Junior Member
|
21. kesäkuuta 2009 @ 19:52 |
Linkki tähän viestiin
|
|
Toivoisin että joku katsoisi nopeasti nuo viimeisimmät logit, sillä huomenna 12 aikoihin päivällä olisin lähdössä mökille ja olisi kiva tietää ennen lähtöä, että onko se kone puhdistunut varmasti kun siellä mökillä kuitenkin olen varmaan perjantaihin. Ei tässä mitään, muuten odottaisin kyllä. Ja kiitos todella todella todella paljon juuSOS neuvoista ja avustasi!
|
Senior Member
15 tuotearviota
|
22. kesäkuuta 2009 @ 18:46 |
Linkki tähän viestiin
|
Hätäisellä tarkastuksella en tuosta mitään löytänyt. Mielenkiintoinen tuo ääntä pitävä virus... :)
Ja jos piippailu jatkuu niin sen pitäisi hiljentyä näillä neuvoilla:
1. Näpsäytä oikealla hiiren painikkeella Oma Tietokonetta
2. Device Manager/Laitehallinta vasemmalla listassa
3. Listalta -> näytä piilotetut laitteet
4. Non-Plug and Play Drivers oikealla hiirellä ominaisuudet/properties
5. Disabled
6. Boottaa kone
Jospa vaikka kuva selventäisi...
Huono suomennos :)
|
|
Tooumas
Junior Member
|
25. kesäkuuta 2009 @ 14:36 |
Linkki tähän viestiin
|
|
Piippaus ei ole jatkunut sen jälkeen kun latasin tuon linkittämäi ohjleman joka poisti joitain Trojalaisia. Mutta jos uudestaan alkaa piipittämään niin kokeilen noita sinun ohjeitasi :)
|
|
Tooumas
Junior Member
|
26. kesäkuuta 2009 @ 21:21 |
Linkki tähän viestiin
|
|
Tuli tuossa mieleen, että mitä nämä on?
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O1 - Hosts: ::1 localhost
Jotain toolbareja?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 26. kesäkuuta 2009 @ 21:21
|
|
warwas
Suspended permanently
|
27. kesäkuuta 2009 @ 11:51 |
Linkki tähän viestiin
|
Nuo 02-riveillä olevat File missing -ilmoitukset ovat luotettavia yhtä örkkiä lukuunottamatta, ja se örkki (gromozon) on nykyään aika harvinainen.
Nuo File missing ovat pelkkiä turhia rekisterinmerkintöjä jotka voi aina poistaa, sinun tapauksessa nyt yahoon ja mesen jämiä.
http://www.systemlookup.com/search.php?t...51-7695ECA05670
http://www.systemlookup.com/search.php?t...64-90988571CECB
Nojoo, jos tän lokin kunnolla kattois.
Avaa Windows Defender.
Klikkaa Tools ja General Settings.
Selaa alas ja ota rasti pois Turn on real-time protection (recommended)-kohdasta.
Tämän jälkeen klikkaa Save ja sulje Windows Defender.
Vistassa kaikki fixit tarvii tehdä järjestelmänvalvojana
Eli hiiren oikealla ja aja järjestelmän valvojana.
[color=blue]Avaa HJT[/color]
Klikkaa Do a system scan only ja merkkaa seuraavat rivit:
[size=9]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
[/size]
Sammuta kaikki muut ohjelmat paitsi palomuuri ja virustorjunta ja Klikkaa Fix checked
[color=blue]Sulje HJT[/color]
-------------------------------------------------------------------
Skannaa koneesi Kaspersky Online Skannerilla
[list=1][*]Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
[*]Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
[*]Kun lataus on valmis, klikkaa Settings.
[*]Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: [list]Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[/list][*]Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
[*]Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
[*]Näet listan saastuneista kohteista. Klikkaa Save Report As....
[*]Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
[*]Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera[/list]
Sammuta ja käynnistä tietokone
[list][*]Lataa tästärandom's system information tool (RSIT) by random/random[/color] ja tallenna se työpöydälle
[*]Tuplaklikkaa RSIT.exeä ajaaksesi RSITin.
[*]Klikkaa Continue.
[*]Kun RSIT on valmis, kaksi lokia avautuu muistioon. Lähetä sekä log.txt:n (<<avautuu suurennettuna) että info.txt:n (<<avautuu pienennettynä) sisältö seuraavassa viestissäsi.[/list]
[color=blue]Lähetätkö seuraavat lokit[/color]
Kasperskyn tulokset
Rsit:n log.txt:n sekä info.txt:n
Edit:Defenderin ohjeet lisätty.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. kesäkuuta 2009 @ 12:32
|
|
Tooumas
Junior Member
|
28. kesäkuuta 2009 @ 12:10 |
Linkki tähän viestiin
|
Tuossa nuo Kasperskyn tulokset ja HJT logi. Laitan myöhemin sen RSIT login.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 28, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, June 28, 2009 06:49:46
Records in database: 2398776
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 281547
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:22:08
No malware has been detected. The scan area is clean.
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:12, on 27.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10042 bytes
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 16. heinäkuuta 2009 @ 13:43
|
|
Tooumas
Junior Member
|
28. kesäkuuta 2009 @ 12:18 |
Linkki tähän viestiin
|
|
RSIT sanoo että:
Line -1:
Error: Subscript used with non-Array variable.
|
|
warwas
Suspended permanently
|
29. kesäkuuta 2009 @ 02:18 |
Linkki tähän viestiin
|
Fiksasitko HJT:lla, sitten boottia ja sitten vasta tuo uusi loki?
Jollet tehnyt sitä niin tee se nyt ja sen jälkeen sammuta ja käynnistä tietokone ja jatka alla olevilla ohjeilla.
Sekä
Vistassa kaikki fixit tarvii tehdä järjestelmänvalvojana
Eli hiiren oikealla ja aja järjestelmän valvojana.
Jollei Rshitti toimaa niin vaihdetaan softaa.
Lataa OTListIt by OldTimer ja tallenna se työpöydälle.
[*] Sulje kaikki päälläolevat ikkunat ja sovellukset.
[*] Tuplaklikkaa OTList.exeä käynnistääksesi OTListItin.
[*] Valitse sininen "Scan All Users"-valintaruutu (laita siihen rasti).
[*] Klikkaa sinistä Run Scan-nappulaa.
[*] OTListIt aloittaa tarkistuksen.
[*] Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, OTListIt.Txt <- tämä avautuu Muistioon ja Extras.txt
[*] Kopioi (Ctrl+A , Ctrl+C) ja liitä (Ctrl+V) OTListIt.Txt ja Extras.txt-tiedostojen sisältö seuravaan viestiisi
|
|
Tooumas
Junior Member
|
29. kesäkuuta 2009 @ 14:01 |
Linkki tähän viestiin
|
Tein nyt niin että sammutin kaikki hojelmat paitsi virusten torjunnan ja palomuurin, käynnistin HJT:n järjestelmän valvojana, Valitsin nuo 5 "protocol defaults" juttua ja painoin Fix checked. Sitte boottasin koneen ja latasin tuon OT:n ja ajoin sen ohjeiden mukaan. Tässä nämä tekstit.
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 98,84% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,63 Gb Total Space | 108,25 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 545,22 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
Drive E: | 348,89 Gb Total Space | 346,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KOTI-PC
Current User Name: *käyttäjän nimi*
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2009.03.16 23:27:06 | 00,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.03.16 23:27:34 | 00,290,816 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2008.10.29 09:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009.02.12 17:50:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008.01.21 05:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.03.26 08:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.14 15:20:06 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008.02.14 15:19:54 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008.01.27 01:27:12 | 00,523,312 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.02.25 18:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.12.04 17:02:40 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSM32.EXE
PRC - [2007.03.06 18:48:46 | 00,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2009.03.09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008.10.15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008.01.21 05:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008.01.21 05:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 05:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009.05.15 16:28:12 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
PRC - [2007.03.06 18:51:26 | 00,252,704 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2008.12.18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008.12.18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
PRC - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE
PRC - [2009.05.28 11:44:47 | 00,461,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
PRC - [2008.12.04 17:02:40 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMB32.EXE
PRC - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008.01.21 05:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.12.04 17:02:38 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FCH32.EXE
PRC - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 05:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008.12.04 17:02:38 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FAMEH32.EXE
PRC - [2008.12.04 16:57:06 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
PRC - [2008.12.04 17:03:02 | 00,707,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSPC\fspc.exe
PRC - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
PRC - [2009.05.28 11:44:47 | 00,575,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
PRC - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
PRC - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
PRC - [2008.12.04 16:59:14 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSGUI\fsguidll.exe
PRC - [2008.12.22 18:01:30 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsus.exe
PRC - [2008.01.21 05:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009.03.03 05:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009.03.04 14:41:10 | 00,347,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsav32.exe
PRC - [2009.03.24 17:13:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
PRC - [2009.03.03 05:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009.06.29 13:45:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\*käyttäjän nimi*\Desktop\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service [Auto | Running])
SRV - [2009.03.16 23:27:06 | 00,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
SRV - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008.01.21 05:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008.01.21 05:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2008.01.21 05:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
SRV - [2009.04.04 22:38:56 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008.01.21 05:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
SRV - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
SRV - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE -- (FSMA [Auto | Running])
SRV - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
SRV - [2009.02.12 17:50:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98d215460089e [Auto | Stopped])
SRV - [2009.03.24 17:13:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
SRV - [2008.01.21 05:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007.03.06 18:55:24 | 00,105,248 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2008.01.21 05:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2007.08.24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008.01.21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2008.08.14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008.01.21 05:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008.01.21 05:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008.01.21 05:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008.01.21 05:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2007.12.19 09:45:00 | 00,170,000 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s [Boot | Running])
DRV - [2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008.01.21 05:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008.01.21 05:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009.02.20 08:17:50 | 00,095,760 | ---- | M] (ATI Research Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2009.03.17 00:33:54 | 04,361,216 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006.10.30 06:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV - [2006.11.10 16:08:50 | 00,024,064 | ---- | M] () -- C:\Windows\System32\DRIVERS\ATITool.sys -- (ATITool [System | Stopped])
DRV - [2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008.01.21 05:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008.01.21 05:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008.01.21 05:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008.12.04 16:57:10 | 00,039,776 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
DRV - [2009.05.28 11:46:25 | 00,086,648 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
DRV - [2008.12.04 17:02:20 | 00,067,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
DRV - [2008.12.04 16:57:10 | 00,025,184 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
DRV - [2009.02.02 13:36:47 | 00,033,408 | ---- | M] () -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running])
DRV - [2008.12.04 16:57:36 | 00,035,552 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys -- (FSES [System | Running])
DRV - [2008.12.04 16:57:54 | 00,070,944 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW [System | Running])
DRV - [2008.12.04 16:57:08 | 00,012,384 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsvista.sys -- (fsvista [System | Running])
DRV - [2008.01.21 05:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008.02.14 15:16:12 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2008.03.26 13:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008.01.21 05:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007.03.06 18:50:30 | 01,669,664 | ---- | M] () -- C:\Windows\System32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007.03.06 18:52:46 | 02,261,792 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007.03.06 18:54:40 | 00,041,376 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008.01.21 05:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008.01.21 05:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008.01.30 12:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008.01.21 05:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008.01.21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007.03.06 18:48:46 | 00,014,240 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007.03.06 18:48:46 | 01,273,504 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2008.01.27 01:27:26 | 00,018,480 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2008.01.27 01:27:28 | 00,016,432 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
DRV - [2008.01.27 01:27:28 | 00,059,952 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
DRV - [2008.01.21 05:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2005.11.03 21:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
DRV - [2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008.01.21 05:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009.05.12 22:09:56 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007.09.28 15:29:12 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2008.01.30 12:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2008.01.21 05:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008.01.21 05:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008.01.21 05:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007.12.28 05:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])
DRV - [2007.09.28 15:29:12 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys -- (zntport [Auto | Running])
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\S-1-5-21-912600381-1854815515-268499315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.02.02 14:08:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.06.27 11:13:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.06.27 11:13:19 | 00,000,000 | ---D | M]
[2009.06.26 00:21:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.06.27 11:13:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.02.07 22:50:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.28 18:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.06.27 11:13:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.06.27 11:13:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009.01.16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008.09.04 03:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009.03.09 06:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.06.27 11:13:12 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009.06.27 11:13:14 | 00,002,062 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2009.06.27 11:13:14 | 00,001,069 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons-fi.xml
[2009.06.27 11:13:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.27 11:13:14 | 00,002,677 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\huuto-fi.xml
[2009.06.27 11:13:14 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2009.06.27 11:13:14 | 00,000,796 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml
O1 HOSTS File: (1243 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader -linkkiavustaja) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Liven kirjautumisapuohjelma) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [F-Secure Manager] File not found
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\PC Protection\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [BitTorrent DNA] C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\Adobe [2009.05.17 18:12:32 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\ATI [2009.04.29 16:06:34 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2008.04.23 00:39:49 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Desktop [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\eSobi [2008.04.23 01:08:52 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\f-secure [2009.02.02 12:26:51 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2009.04.04 22:50:06 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\FloodLightGames [2008.04.23 00:42:19 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\fssg [2009.02.02 12:25:43 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2009.06.21 19:03:19 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\OrbNetworks [2009.02.18 21:33:31 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2009.03.08 21:08:34 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Suosikit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TEMP [2009.05.09 15:14:36 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006.11.02 16:02:04 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Tiedostot [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Työpöytä [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2009.04.08 20:37:11 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2008.04.23 00:59:16 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2006.11.02 14:18:34 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Cookies [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009.02.02 11:58:14 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008.04.23 00:41:29 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\NetHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Pictures [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\SendTo [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Templates [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Tulostinympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Verkkoympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\AppData [2009.02.03 14:57:48 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Contacts [2009.02.03 14:57:37 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Cookies [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Desktop [2009.06.21 00:33:39 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Documents [2009.06.25 15:27:26 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Downloads [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Favorites [2009.02.03 14:57:51 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Käynnistä-valikko [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Links [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Mallit [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Music [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Pictures [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Recent [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Searches [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\SendTo [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Tracing [2009.06.25 15:10:25 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\Muu perhe\Tulostinympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Verkkoympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Videos [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2009.06.26 00:21:41 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009.04.04 22:45:33 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006.11.02 13:23:35 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{594efddb-f108-11dd-bbb9-001fe25a0517}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{894836eb-f78c-11dd-b6b6-0022b00c898e}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\Pictures [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Public\Videos [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\AppData [2009.02.02 12:03:58 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjän nimi*\Contacts [2009.02.02 12:18:22 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Cookies [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Desktop [2009.06.29 13:45:16 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Documents [2009.05.31 15:29:32 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Downloads [2009.06.07 14:27:53 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Favorites [2009.05.20 17:55:23 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Games [2009.04.13 19:24:01 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Käynnistä-valikko [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjän nimi*\Mallit [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Music [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjän nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjän nimi*\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjän nimi*\Option [2009.06.09 00:10:05 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Pictures [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjän nimi*\Recent [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjän nimi*\Searches [2009.04.06 15:37:51 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\SendTo [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Tracing [2009.06.29 13:43:10 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Tulostinympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Verkkoympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjän nimi*\Videos [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: V&ie Microsoft Exceliin - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 13:59:47 | 00,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009.06.28 12:16:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009.06.26 00:21:41 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.06.21 20:54:01 | 00,000,532 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009.06.21 20:28:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009.06.21 19:03:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.06.21 19:03:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.06.21 19:03:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.06.21 17:52:57 | 32,183,09120 | -HS- | C] () -- C:\hiberfil.sys
[2009.06.21 17:16:35 | 24,450,3826 | ---- | C] () -- C:\SYM_REGISTRY_BACKUP.reg
[2009.06.13 21:30:01 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009.06.13 21:30:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009.06.13 21:30:00 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009.06.13 21:30:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009.06.13 21:29:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009.06.13 19:38:29 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.06.13 19:38:27 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.06.13 19:38:26 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.06.13 19:38:25 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.06.13 19:38:25 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.06.13 19:38:24 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.06.13 19:38:24 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.06.13 19:38:23 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.06.13 19:38:23 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009.06.13 19:38:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.06.13 19:38:22 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.06.13 19:38:22 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.06.13 19:38:22 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009.06.13 19:38:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.06.13 19:38:20 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.06.13 19:37:26 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.06.13 19:37:22 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009.06.13 19:37:14 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009.06.02 00:22:03 | 00,003,120 | ---- | C] () -- C:\Windows\System32\ENNEZFID.ocx
[2009.06.02 00:21:43 | 00,131,072 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\SKCA32.dll
[2009.06.02 00:21:43 | 00,127,488 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2009.05.31 15:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 3
[2009.05.31 11:07:01 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.05.31 11:06:56 | 14,045,4760 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.05.15 23:09:14 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.05.14 19:08:21 | 00,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.02 18:59:32 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.16 23:26:02 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.02.18 22:08:46 | 00,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.02.18 21:35:52 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.02.18 19:14:30 | 00,138,168 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.02 12:26:55 | 00,033,408 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2008.07.22 11:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.23 00:26:27 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.23 00:23:17 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.15 19:06:58 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.06 18:50:30 | 01,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.11.10 16:08:50 | 00,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 15:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 13:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 13:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 10:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.02.25 02:59:49 | 00,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2004.10.28 17:38:10 | 00,315,728 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll
[2002.03.14 01:46:46 | 00,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2009.06.29 13:45:28 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.06.29 13:43:08 | 00,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009.06.29 13:43:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.06.29 13:43:02 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.06.29 13:43:01 | 00,000,532 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009.06.29 13:43:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.06.29 13:42:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.06.29 13:42:55 | 32,183,09120 | -HS- | M] () -- C:\hiberfil.sys
[2009.06.29 12:27:22 | 01,216,208 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.06.29 12:27:22 | 00,592,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.06.29 12:27:22 | 00,442,516 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2009.06.29 12:27:22 | 00,102,856 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.06.29 12:27:22 | 00,083,758 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2009.06.27 23:31:57 | 00,138,168 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.27 23:30:33 | 00,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.06.27 23:30:33 | 00,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009.06.26 00:21:41 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.06.21 17:16:49 | 24,450,3826 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2009.06.17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.06.17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.06.13 21:24:32 | 02,224,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.06.05 20:38:51 | 00,131,072 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\SKCA32.dll
[2009.06.05 20:38:51 | 00,127,488 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2009.06.02 00:22:03 | 00,003,120 | ---- | M] () -- C:\Windows\System32\ENNEZFID.ocx
[2009.06.01 19:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.05.31 11:07:01 | 14,045,4760 | ---- | M] () -- C:\Windows\MEMORY.DMP
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 512 bytes -> C:\Users\All Users\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Users\All Users\TEMP:888AFB86
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\TEMP:C95B63DA
< End of report >
OTL Extras logfile created on: 29.6.2009 13:46:14 - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Users\*käyttäjän nimi*\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 98,84% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,63 Gb Total Space | 108,25 Gb Free Space | 46,54% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 545,22 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
Drive E: | 348,89 Gb Total Space | 346,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KOTI-PC
Current User Name: *käyttäjän nimi*
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Liven lataustyökalu
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2C99779B-99A9-CE50-C43F-A9F765E1FE23}" = ATI Catalyst Install Manager
"{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A51E32B-2EAD-44A0-AC41-9B27025AD892}" = Windows Liven asennustyökalu
"{4D917177-4E73-144B-EFFE-802EFF83D5B4}" = Catalyst Control Center InstallProxy
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89}" = Microsoft Works
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79329446-9BBD-46CE-9D73-AD907BFEFBF4}" = Windows Live Messenger
"{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-040B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Finnish) 2007
"{90120000-0016-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Finnish) 2007
"{90120000-0018-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Finnish) 2007
"{90120000-001B-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040B-0000-0000000FF1CE}" = Microsoft Office Proofing (Finnish) 2007
"{90120000-006E-040B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Finnish) 2007
"{90120000-006E-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-040B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Finnish) 2007
"{90120000-00A1-040B-0000-0000000FF1CE}_HOMESTUDENTR_{E2697EE8-D953-4482-8A30-D6A4D07DE5FB}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{998152E5-B605-4BBB-9853-E749AEE02B21}" = Windows Liven kirjautumisavustaja
"{9B091E1C-781A-4769-9A8D-9AFB6A39EBCC}" = Active Sky Advanced
"{9C87F6BB-75E4-4F35-8353-F5E295264E98}" = Windows Live Call
"{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1035-7B44-A81300000003}" = Adobe Reader 8.1.4 - Suomi
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
"{D36165EF-5846-45A6-BD11-F581D183F312}" = LAGO FS Falcon FS2004 version 2.00
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E369A040-E812-37B3-A5B9-311E5579FAC3}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fin
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"763v2" = Level-D Simulations 767-300
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Airports of MeXico Center Edition for FS2004 by FlyMex" = Airports of MeXico Center Edition for FS2004 by FlyMex
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FinnTerrain 1.8" = FinnTerrain 1.8
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Fraps" = Fraps (remove only)
"FSD Cheyenne LS 400 for FS 2004" = FSD gmax® Cheyenne 400 LSs\CurrentVersion\Uninstal
"F-Secure Product 444" = F-Secure PC Protection Plus
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fin" = Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"PIPER PA-28RT 201 ARROW IV FS2004" = PIPER PA-28RT 201 ARROW IV FS2004
"ProPilkki2" = Pro Pilkki 2
"PSS - Boeing 757 Pro. v1.3" = PSS - Boeing 757 Pro. v1.3
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Labtec® Camera -ohjain
"REAL SKY PRO EDITION_is1" = FS9 Version
"Rovaniemi 4.1" = Rovaniemi 4.1
"SopCast" = SopCast 3.0.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Ultimate Terrain - Europe" = Ultimate Terrain - Europe
"WinLiveSuite_Wave3" = Windows Liven asennustyökalu
"WinRAR archiver" = WinRAR-pakkausohjelma
"VLC media player" = VLC media player 0.9.8a
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Carenado's C172N Skyhawk II FS2004" = Carenado's C172N Skyhawk II FS2004
"RNZAF NH-90 tth Helicopter for FS2004" = RNZAF NH-90 tth Helicopter for FS2004
"uTorrent" = µTorrent
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 25.6.2009 13:27:38 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.6.2009 13:29:53 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.6.2009 18:25:23 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.6.2009 18:25:23 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.6.2009 5:07:57 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.6.2009 5:07:59 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.6.2009 11:37:46 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.6.2009 11:37:52 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.6.2009 13:29:40 | Computer Name = Koti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.6.2009 13:29:49 | Computer Name = Koti-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 9.2.2009 1:58:49 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9.2.2009 8:54:42 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
Description =
Error - 9.2.2009 8:56:25 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9.2.2009 11:32:45 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
Description =
Error - 9.2.2009 11:34:26 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 9.2.2009 13:48:33 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
Description =
Error - 9.2.2009 13:50:14 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 10.2.2009 12:05:04 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
Description =
Error - 10.2.2009 12:06:46 | Computer Name = Koti-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.2.2009 9:00:37 | Computer Name = Koti-PC | Source = HTTP | ID = 15016
Description =
< End of report >
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 16. heinäkuuta 2009 @ 13:53
|
|
Tooumas
Junior Member
|
29. kesäkuuta 2009 @ 14:09 |
Linkki tähän viestiin
|
|
Tuli jostain syystä kahdesti.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 29. kesäkuuta 2009 @ 14:23
|
|
Tooumas
Junior Member
|
3. heinäkuuta 2009 @ 13:01 |
Linkki tähän viestiin
|
|
Löytyykö tuolta enää mitään haitallista?
|
|
Tooumas
Junior Member
|
16. heinäkuuta 2009 @ 13:58 |
Linkki tähän viestiin
|
No onko siellä mitään? Tässä vielä HJT logi.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:32, on 29.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*käyttäjän nimi*\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9996 bytes
|
|
warwas
Suspended permanently
|
17. heinäkuuta 2009 @ 14:16 |
Linkki tähän viestiin
|
Sori ku kestänyt.
Ei tuolla enään mitään näy, toimiiko kunnolla? Jos toimii niin tee vielä seuraavat.
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
(Windows Vista: Käynnistä -> [kirjoita hakukenttään] Ohjelmat ja toiminnot ja Enter)
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
http://java.sun.com/javase/downloads/index.jsp
Rullaa alas kohteeseen JRE 6 Update 14
Paina Download
Valitse Platform -kohtaan käyttöjärjestelmäsi Windows.
Ruksaa I agree to theJava SE Runtime Environment 6 with JavaFX License Agreement.
Paina Continue.
Paina Windows Offline Installation:in alapuolelta jre-6u14-windows-i586-p.exe.
Tallenna tiedosto vaikka työpöydälle ja asenna se.
5. Käynnistä kone uudelleen asennuksen jälkeen.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja:
[list][*]Applications and Applets
[*]Trace and Log Files[/list]
Ja paina OK -nappia
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically
Valitse Never check
11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.
-------------------------------------------------------------------
Poistetaas sitten käytetyt työkalut
Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n.
Klikkaa Oikeassa yläkulmassa olevaa CleanUp namiskaa.
Klikkaa YES/KYLLÄ kun pyytää uudelleenkäynnistystä.
|
|
Tooumas
Junior Member
|
17. heinäkuuta 2009 @ 18:43 |
Linkki tähän viestiin
|
|
Kiitos. Ihan normaalisti kone toiminut ja hyvä ettei enää mitään löydy. btw, kun poistin OTL:n ja käynnistin poiston aikana koneen uudestaan, työpöydälle oli ilmestynyt desktop.ini tiedosto. Mikähän se on? Voiko sen poistaa?
Edit. Sisältä löytyy täämöinen teksti:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 17. heinäkuuta 2009 @ 18:44
|
|
Tooumas
Junior Member
|
23. heinäkuuta 2009 @ 21:25 |
Linkki tähän viestiin
|
|
Äsken kun tein pikatarkistuksen Malwarebytesillä niin scannauksen aika F-Secure huomasi jonkin troijalaisen ja poistin sen, mutta Malwarebytes ei löytänyt mitään. Outoa. Ja sen olen huomannut että en pääse kiakkiin tiedostoihin kuten Documents kansiossa oleviin Omat kuvateidostot, Omat videotiedostot ja omat musiikkitiedostot. Enkä myöskään C:/ Documnts and Settings kansioon. Ja on muitakin kansioita joihin en pääse. Sanoo että C:/ Documents And Settings ei ole käytettävissä. Käyttö estetty. Joku virusko blokkaa noiden tiedostoiden käytön? Olen tietokoneen järjestelmänvalvoja. Siellä C asemalla on myös kansio System Volume Information.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. heinäkuuta 2009 @ 14:00
|
|
warwas
Suspended permanently
|
24. heinäkuuta 2009 @ 16:41 |
Linkki tähän viestiin
|
Desktop.Ini on laillinen filu ja näkyy koska sulla on "Suojatut käyttöjärjestelmätiedot" näkyvillä, ÄLÄ poista sitä.
Otetaas uus loki ja skannaus.
Lataa GMER ja tallenna se työpöydällesi:[list]
[*]Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
[*]Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
[*]Älä rastita "Show All" boksia skannauksen aikana!
[*]Kun skannaus on valmis, klikkaa Copy.
[*]Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
[*]Liitä loki sitten viestiketjuusi.
[/list]
[list=1][*] Lataa OTListIt by OldTimer ja tallenna se työpöydälle.
[*] Sulje kaikki päälläolevat ikkunat ja sovellukset.
[*] Tuplaklikkaa OTL.exeä käynnistääksesi OTListIt:n.
[*] Valitse sininen "Scan All Users"-valintaruutu (laita siihen rasti).
[*] Klikkaa sinistä Run Scan-nappulaa.
[*] OTListIt aloittaa tarkistuksen.
[*] Kun tarkistus on valmis, OTListIt luo kaksi tekstitiedostoa työpöydälle, OTListIt.Txt <- tämä avautuu Muistioon ja Extras.txt
[*] Kopioi (Ctrl+A , Ctrl+C) ja liitä (Ctrl+V) OTListIt.Txt ja Extras.txt-tiedostojen sisältö seuravaan viestiisi[/list]
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. heinäkuuta 2009 @ 16:42
|
|
Tooumas
Junior Member
|
24. heinäkuuta 2009 @ 19:16 |
Linkki tähän viestiin
|
Eli siis koska minulla on Suojatut käyttöjärjestelmätiedot en pääse kaikkiin kansioihin? En muista kyllä tuollaista asetusta muuttaneeni. Miten tuon saisi takaisin, että pääsisin taas normaalisti esim. omat kuvatiedostot kansioon?
Tässä nämä lokit.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-24 18:29:07
Windows 6.0.6002 Service Pack 2
OTL ei luonut extras.txt tiedostoa :o
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwCreateThread [0x92718E02]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwLoadDriver [0x9271912A]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92718B4E]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwOpenSection [0x9271955C]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwRenameKey [0x9271A7FA]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x927193AC]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSuspendProcess [0x927189D4]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSuspendThread [0x92718E36]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92718FB0]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwTerminateProcess [0x92718934]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwTerminateThread [0x92718A8A]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92718EFA]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92718E1C]
INT 0x61 ? 85C00BF8
INT 0x62 ? 870FDBF8
INT 0x71 ? 85C00BF8
INT 0x72 ? 870FDBF8
INT 0x72 ? 870FDBF8
INT 0x72 ? 870FDBF8
INT 0x81 ? 85C00BF8
INT 0xA1 ? 870FDBF8
INT 0xA1 ? 870FDBF8
INT 0xA1 ? 870FDBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 826B8964 4 Bytes [02, 8E, 71, 92]
.text ntkrnlpa.exe!KeSetEvent + 37D 826B8AC0 4 Bytes [2A, 91, 71, 92]
.text ntkrnlpa.exe!KeSetEvent + 3AD 826B8AF0 4 Bytes [4E, 8B, 71, 92] {DEC ESI; MOV ESI, [ECX-0x6e]}
.text ntkrnlpa.exe!KeSetEvent + 3FD 826B8B40 4 Bytes [5C, 95, 71, 92] {POP ESP; XCHG EBP, EAX; JNO 0xffffffffffffff96}
.text ntkrnlpa.exe!KeSetEvent + 515 826B8C58 4 Bytes [FA, A7, 71, 92] {CLI ; CMPSD ; JNO 0xffffffffffffff96}
.text ...
? System32\Drivers\spxq.sys Määritettyä polkua ei löydy. !
.text USBPORT.SYS!DllUnload 8A98C41B 5 Bytes JMP 870FD1D8
.text avyfhscw.SYS 8A9C4000 22 Bytes [82, C3, 9C, 82, 6C, C2, 9C, ...]
.text avyfhscw.SYS 8A9C4017 45 Bytes [00, 32, 47, 71, 80, 3D, 45, ...]
.text avyfhscw.SYS 8A9C4045 135 Bytes [2A, 6B, 82, FD, A9, 64, 82, ...]
.text avyfhscw.SYS 8A9C40CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text avyfhscw.SYS 8A9C40DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060A6D6] \SystemRoot\System32\Drivers\spxq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060A042] \SystemRoot\System32\Drivers\spxq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060A800] \SystemRoot\System32\Drivers\spxq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060A0C0] \SystemRoot\System32\Drivers\spxq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060A13E] \SystemRoot\System32\Drivers\spxq.sys
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortWritePortUchar] 838A9E9F
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8A9E70
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\avyfhscw.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74517817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7456A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7451BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7450F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7450E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74548395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7451DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7450FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7450FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7459CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7453C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7450D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74506853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7450687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74512AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3780] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4072] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01F02690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4072] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F01290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4072] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [01F02300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4072] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01F01B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85C051F8
Device \FileSystem\udfs \UdfsCdRom 86F201F8
Device \FileSystem\udfs \UdfsDisk 86F201F8
Device \Driver\sptd \Device\128893237 spxq.sys
Device \Driver\volmgr \Device\VolMgrControl 85C021F8
Device \Driver\usbohci \Device\USBPDO-0 870421F8
Device \Driver\usbohci \Device\USBPDO-1 870421F8
Device \Driver\usbehci \Device\USBPDO-2 8709C1F8
Device \Driver\usbohci \Device\USBPDO-3 870421F8
Device \Driver\usbohci \Device\USBPDO-4 870421F8
Device \Driver\usbehci \Device\USBPDO-5 8709C1F8
Device \Driver\PCI_PNP7221 \Device\00000056 spxq.sys
Device \Driver\usbohci \Device\USBPDO-6 870421F8
Device \Driver\volmgr \Device\HarddiskVolume1 85C021F8
Device \Driver\volmgr \Device\HarddiskVolume2 85C021F8
Device \Driver\cdrom \Device\CdRom0 86EF9500
Device \Driver\volmgr \Device\HarddiskVolume3 85C021F8
Device \Driver\cdrom \Device\CdRom1 86EF9500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85C041F8
Device \Driver\atapi \Device\Ide\IdePort0 85C041F8
Device \Driver\atapi \Device\Ide\IdePort1 85C041F8
Device \Driver\atapi \Device\Ide\IdePort2 85C041F8
Device \Driver\atapi \Device\Ide\IdePort3 85C041F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85C041F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 85C041F8
Device \Driver\volmgr \Device\HarddiskVolume4 85C021F8
Device \Driver\USBSTOR \Device\00000080 8761A1F8
Device \Driver\volmgr \Device\HarddiskVolume5 85C021F8
Device \Driver\USBSTOR \Device\00000081 8761A1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85C021F8
Device \Driver\volmgr \Device\HarddiskVolume7 85C021F8
Device \Driver\netbt \Device\NetBt_Wins_Export 875DB1F8
Device \Driver\volmgr \Device\HarddiskVolume8 85C021F8
Device \Driver\Smb \Device\NetbiosSmb 87579500
Device \Driver\USBSTOR \Device\00000079 8761A1F8
Device \Driver\iScsiPrt \Device\RaidPort0 870B61F8
Device \Driver\usbohci \Device\USBFDO-0 870421F8
Device \Driver\usbohci \Device\USBFDO-1 870421F8
Device \Driver\usbehci \Device\USBFDO-2 8709C1F8
Device \Driver\usbohci \Device\USBFDO-3 870421F8
Device \Driver\usbohci \Device\USBFDO-4 870421F8
Device \Driver\USBSTOR \Device\0000007e 8761A1F8
Device \Driver\usbehci \Device\USBFDO-5 8709C1F8
Device \Driver\USBSTOR \Device\0000007f 8761A1F8
Device \Driver\usbohci \Device\USBFDO-6 870421F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D3BCD70C-BAA6-4B6D-A3F7-AE7A9778840B} 875DB1F8
Device \Driver\avyfhscw \Device\Scsi\avyfhscw1Port5Path0Target0Lun0 870A91F8
Device \Driver\avyfhscw \Device\Scsi\avyfhscw1 870A91F8
Device \FileSystem\cdfs \Cdfs 86F5F1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xB0 0x34 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x91 0x31 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0xE1 0x03 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xB0 0x34 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x91 0x31 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0xE1 0x03 0xAB ...
---- EOF - GMER 1.0.15 ----
Sitten vielä se toinen.
OTL logfile created on: 24.7.2009 18:31:25 - Run 2
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Users\*käyttäjä nimi*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 86,19% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,63 Gb Total Space | 98,73 Gb Free Space | 42,44% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 545,35 Gb Free Space | 91,48% Space Free | Partition Type: NTFS
Drive E: | 348,89 Gb Total Space | 346,35 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KOTI-PC
Current User Name: *käyttäjä nimi*
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2009.05.16 06:23:56 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.05.16 06:24:25 | 00,335,872 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
PRC - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE
PRC - [2009.07.07 15:50:07 | 00,466,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE
PRC - [2008.12.04 17:02:40 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMB32.EXE
PRC - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2008.01.21 05:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.12.04 17:02:38 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FCH32.EXE
PRC - [2008.12.04 16:57:06 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsqh.exe
PRC - [2008.12.04 17:02:38 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FAMEH32.EXE
PRC - [2009.07.07 15:50:07 | 00,586,880 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fssm32.exe
PRC - [2008.12.04 17:03:02 | 00,707,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSPC\fspc.exe
PRC - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
PRC - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
PRC - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
PRC - [2008.12.22 18:01:30 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsus.exe
PRC - [2009.03.30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009.04.11 09:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008.01.21 05:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.05.20 13:06:00 | 06,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.14 15:20:06 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008.02.14 15:19:54 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008.01.27 01:27:12 | 00,523,312 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.02.25 18:57:48 | 00,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.12.04 17:02:40 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSM32.EXE
PRC - [2009.04.11 09:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.03.06 18:48:46 | 00,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2009.07.17 18:29:45 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008.01.21 05:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008.01.21 05:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009.05.15 16:28:12 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Users\*käyttäjä nimi*\Program Files\DNA\btdna.exe
PRC - [2008.01.21 05:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009.07.15 20:43:58 | 00,092,672 | ---- | M] () -- C:\Users\*käyttäjä nimi*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinCE3.exe
PRC - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007.03.06 18:51:26 | 00,252,704 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2008.12.04 16:59:14 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSGUI\fsguidll.exe
PRC - [2008.12.18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009.04.11 09:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009.04.11 09:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008.12.18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009.03.04 14:41:10 | 00,347,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsav32.exe
PRC - [2009.07.24 18:30:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\*käyttäjä nimi*\Desktop\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2008.01.25 18:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service [Auto | Running])
SRV - [2009.05.16 06:23:56 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
SRV - [2008.02.25 18:57:22 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2009.03.30 07:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.01.27 01:27:18 | 00,509,488 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008.01.21 05:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008.02.14 15:19:18 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2009.04.11 09:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009.03.04 14:41:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
SRV - [2009.04.04 22:38:56 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009.02.18 21:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.12.04 16:55:26 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
SRV - [2008.12.04 16:57:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
SRV - [2008.12.04 17:02:40 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\Common\FSMA32.EXE -- (FSMA [Auto | Running])
SRV - [2008.12.04 17:04:02 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
SRV - [2009.02.12 17:50:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98d215460089e [Auto | Stopped])
SRV - [2009.03.24 17:13:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009.02.18 21:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007.01.17 11:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007.03.06 18:55:24 | 00,105,248 | ---- | M] (Labtec Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2009.02.18 21:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008.02.25 02:02:54 | 00,049,152 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008.02.25 18:53:16 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009.04.12 14:19:49 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006.07.19 21:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008.01.21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008.01.21 05:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2008.08.14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008.01.21 05:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008.01.21 05:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008.01.21 05:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008.01.21 05:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2007.12.19 09:45:00 | 00,170,000 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s [Boot | Running])
DRV - [2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008.01.21 05:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008.01.21 05:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009.02.20 08:17:50 | 00,095,760 | ---- | M] (ATI Research Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2009.05.16 07:01:23 | 04,933,632 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006.10.30 06:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV - [2006.11.10 16:08:50 | 00,024,064 | ---- | M] () -- C:\Windows\System32\DRIVERS\ATITool.sys -- (ATITool [System | Stopped])
DRV - [2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008.01.21 05:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008.01.21 05:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008.01.21 05:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008.12.04 16:57:10 | 00,039,776 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
DRV - [2009.07.07 16:12:05 | 00,099,960 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
DRV - [2008.12.04 17:02:20 | 00,067,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files\PC Protection\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
DRV - [2008.12.04 16:57:10 | 00,025,184 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
DRV - [2009.07.08 21:03:13 | 00,033,920 | ---- | M] () -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running])
DRV - [2008.12.04 16:57:36 | 00,035,552 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys -- (FSES [System | Running])
DRV - [2008.12.04 16:57:54 | 00,070,944 | ---- | M] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW [System | Running])
DRV - [2008.12.04 16:57:08 | 00,012,384 | ---- | M] () -- C:\Program Files\PC Protection\Anti-Virus\minifilter\fsvista.sys -- (fsvista [System | Running])
DRV - [2008.01.21 05:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008.02.14 15:16:12 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2008.05.20 13:01:00 | 02,143,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008.01.21 05:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007.03.06 18:50:30 | 01,669,664 | ---- | M] () -- C:\Windows\System32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007.03.06 18:52:46 | 02,261,792 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007.03.06 18:54:40 | 00,041,376 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008.01.21 05:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008.01.21 05:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008.01.30 12:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008.01.21 05:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008.01.21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007.03.06 18:48:46 | 00,014,240 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007.03.06 18:48:46 | 01,273,504 | ---- | M] (Labtec Inc.) -- C:\Windows\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2008.01.27 01:27:26 | 00,018,480 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2008.01.27 01:27:28 | 00,016,432 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
DRV - [2008.01.27 01:27:28 | 00,059,952 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
DRV - [2008.01.21 05:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2005.11.03 21:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
DRV - [2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008.01.21 05:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009.05.12 22:09:56 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007.09.28 15:29:12 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2008.01.30 12:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2008.01.21 05:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009.04.11 07:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008.01.21 05:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008.01.21 05:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007.12.28 05:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])
DRV - [2007.09.28 15:29:12 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys -- (zntport [Auto | Running])
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-912600381-1854815515-268499315-1000\S-1-5-21-912600381-1854815515-268499315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.01 22:02:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.07.24 12:34:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.07.24 12:34:38 | 00,000,000 | ---D | M]
[2009.07.17 18:29:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.07.24 12:34:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.02.07 22:50:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.07.17 18:29:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.07.24 12:34:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.24 12:34:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009.01.16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008.09.04 03:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009.07.17 18:29:46 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.07.24 12:34:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009.06.27 11:13:14 | 00,002,062 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2009.06.27 11:13:14 | 00,001,069 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons-fi.xml
[2009.06.27 11:13:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.27 11:13:14 | 00,002,677 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\huuto-fi.xml
[2009.06.27 11:13:14 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2009.06.27 11:13:14 | 00,000,796 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml
O1 HOSTS File: (1243 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader -linkkiavustaja) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID -kirjautumisapuohjelma) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [F-Secure Manager] File not found
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\PC Protection\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [BitTorrent DNA] C:\Users\*käyttäjä nimi*\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKU\S-1-5-21-912600381-1854815515-268499315-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\Adobe [2009.05.17 18:12:32 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\ATI [2009.04.29 16:06:34 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2008.04.23 00:39:49 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Desktop [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\eSobi [2008.04.23 01:08:52 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\f-secure [2009.02.02 12:26:51 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2009.04.04 22:50:06 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\FloodLightGames [2008.04.23 00:42:19 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\fssg [2009.02.02 12:25:43 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2009.06.21 19:03:19 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2009.04.16 17:57:58 | 00,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\OrbNetworks [2009.02.18 21:33:31 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony [2009.03.08 21:08:34 | 00,000,000 | ---D | M]
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Suosikit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TEMP [2009.07.19 18:51:15 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006.11.02 16:02:04 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\All Users\Tiedostot [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Työpöytä [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Ubisoft [2009.04.08 20:37:11 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2008.04.23 00:59:16 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2006.11.02 14:18:34 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Cookies [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009.02.02 11:58:14 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2008.04.23 00:41:29 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Käynnistä-valikko [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Mallit [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\NetHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Pictures [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\SendTo [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Default\Templates [2006.11.02 16:02:03 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Tulostinympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Verkkoympäristö [2009.02.02 11:58:14 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\AppData [2009.02.03 14:57:48 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Contacts [2009.02.03 14:57:37 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Cookies [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Desktop [2009.07.23 14:51:40 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Documents [2009.06.25 15:27:26 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Downloads [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Favorites [2009.07.16 17:20:17 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Käynnistä-valikko [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Links [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Mallit [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Music [2009.02.03 14:57:48 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Muu perhe\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\NTUSER.DAT ()
O4 - Startup: C:\Users\Muu perhe\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Pictures [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\Recent [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Muu perhe\Searches [2009.02.03 14:57:49 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Muu perhe\SendTo [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Tracing [2009.07.16 17:20:53 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\Muu perhe\Tulostinympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Verkkoympäristö [2009.02.03 14:57:31 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\Muu perhe\Videos [2009.03.10 17:59:39 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2009.07.16 17:20:52 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009.04.04 22:45:33 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006.11.02 13:23:35 | 00,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{594efddb-f108-11dd-bbb9-001fe25a0517}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{894836eb-f78c-11dd-b6b6-0022b00c898e}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\Pictures [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\Public\Videos [2006.11.02 15:50:50 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\AppData [2009.02.02 12:03:58 | 00,000,000 | -H-D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjä nimi*\Contacts [2009.07.01 23:24:44 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Cookies [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Desktop [2009.07.24 18:30:29 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Documents [2009.07.23 15:11:21 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Downloads [2009.07.23 14:43:18 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Favorites [2009.07.01 22:09:37 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Games [2009.04.13 19:24:01 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Käynnistä-valikko [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Links [2006.11.02 13:23:35 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjä nimi*\Mallit [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Music [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjä nimi*\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\*käyttäjä nimi*\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\*käyttäjä nimi*\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\*käyttäjä nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjä nimi*\NTUSER.DAT ()
O4 - Startup: C:\Users\*käyttäjä nimi*\ntuser.ini ()
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjä nimi*\Option [2009.06.09 00:10:05 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Pictures [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjä nimi*\Recent [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: File not found
O4 - Startup: C:\Users\*käyttäjä nimi*\Searches [2009.04.06 15:37:51 | 00,000,000 | R--D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\SendTo [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Tracing [2009.07.24 18:12:51 | 00,000,000 | ---D | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Tulostinympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Verkkoympäristö [2009.02.02 12:01:46 | 00,000,000 | -HSD | M]
O4 - Startup: C:\Users\*käyttäjä nimi*\Videos [2009.05.15 23:38:19 | 00,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: V&ie Microsoft Exceliin - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\PC Protection\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 13:59:48 | 01,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 13:59:47 | 00,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009.07.23 14:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009.07.17 18:45:37 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009.07.17 18:45:37 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009.07.17 18:45:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009.07.17 18:45:36 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009.07.17 18:45:36 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009.07.17 18:29:53 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.07.17 18:29:53 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.07.17 18:29:53 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.07.17 18:29:41 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009.07.15 20:51:39 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009.07.15 20:51:37 | 00,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.07.15 20:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\VentriloMIX
[2009.07.15 20:43:58 | 00,129,536 | ---- | C] () -- C:\Windows\inout2.dll
[2009.07.12 00:00:12 | 00,000,000 | ---D | C] -- C:\Program Files\Konami
[2009.07.01 23:16:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009.07.01 23:16:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009.07.01 23:16:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009.07.01 22:52:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009.07.01 22:49:59 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009.07.01 22:49:58 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009.07.01 22:49:57 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009.07.01 22:49:56 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009.07.01 22:49:56 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009.07.01 22:49:55 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009.07.01 22:49:53 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009.07.01 22:49:52 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009.07.01 22:49:51 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009.07.01 22:49:51 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009.07.01 22:49:50 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009.07.01 22:49:50 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009.07.01 22:49:50 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009.07.01 22:49:50 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009.07.01 22:49:50 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009.07.01 22:49:49 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009.07.01 22:49:48 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009.07.01 22:49:48 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009.07.01 22:49:48 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009.07.01 22:49:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009.07.01 22:49:47 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009.07.01 22:49:47 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009.07.01 22:49:46 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009.07.01 22:49:46 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009.07.01 22:49:46 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009.07.01 22:49:45 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009.07.01 22:49:45 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009.07.01 22:49:45 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009.07.01 22:49:44 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009.07.01 22:49:44 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009.07.01 22:49:43 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009.07.01 22:49:43 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009.07.01 22:49:43 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009.07.01 22:49:42 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009.07.01 22:49:42 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009.07.01 22:49:41 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009.07.01 22:49:41 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009.07.01 22:49:41 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009.07.01 22:49:40 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009.07.01 22:49:40 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009.07.01 22:49:40 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009.07.01 22:49:40 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009.07.01 22:49:39 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009.07.01 22:49:39 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009.07.01 22:49:39 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009.07.01 22:49:39 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009.07.01 22:49:38 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009.07.01 22:49:38 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009.07.01 22:49:38 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009.07.01 22:49:37 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009.07.01 22:49:37 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009.07.01 22:49:37 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009.07.01 22:49:37 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009.07.01 22:49:37 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009.07.01 22:49:37 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009.07.01 22:49:37 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009.07.01 22:49:36 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009.07.01 22:49:36 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009.07.01 22:49:36 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009.07.01 22:49:35 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009.07.01 22:49:35 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009.07.01 22:49:35 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009.07.01 22:49:35 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009.07.01 22:49:35 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009.07.01 22:49:34 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009.07.01 22:49:34 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009.07.01 22:49:34 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009.07.01 22:49:34 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009.07.01 22:49:34 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009.07.01 22:49:33 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009.07.01 22:49:33 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009.07.01 22:49:33 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009.07.01 22:49:33 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009.07.01 22:49:33 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009.07.01 22:49:33 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009.07.01 22:49:32 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009.07.01 22:49:32 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009.07.01 22:49:32 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009.07.01 22:49:32 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009.07.01 22:49:32 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009.07.01 22:49:32 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009.07.01 22:49:32 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009.07.01 22:49:32 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009.07.01 22:49:31 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.01 22:49:31 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009.07.01 22:49:31 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009.07.01 22:49:31 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009.07.01 22:49:30 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009.07.01 22:49:30 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009.07.01 22:49:30 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009.07.01 22:49:30 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009.07.01 22:49:30 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009.07.01 22:49:30 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009.07.01 22:49:30 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009.07.01 22:49:30 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009.07.01 22:49:29 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009.07.01 22:49:29 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009.07.01 22:49:29 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009.07.01 22:49:29 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009.07.01 22:49:29 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009.07.01 22:49:28 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009.07.01 22:49:28 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009.07.01 22:49:28 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009.07.01 22:49:27 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009.07.01 22:49:27 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009.07.01 22:49:27 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009.07.01 22:49:27 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009.07.01 22:49:27 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009.07.01 22:49:26 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009.07.01 22:49:26 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009.07.01 22:49:26 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009.07.01 22:49:26 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009.07.01 22:49:26 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.07.01 22:49:26 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009.07.01 22:49:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009.07.01 22:49:25 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009.07.01 22:49:25 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009.07.01 22:49:25 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009.07.01 22:49:25 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009.07.01 22:49:24 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009.07.01 22:49:24 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009.07.01 22:49:24 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009.07.01 22:49:24 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009.07.01 22:49:24 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009.07.01 22:49:24 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009.07.01 22:49:24 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009.07.01 22:49:24 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009.07.01 22:49:24 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009.07.01 22:49:24 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009.07.01 22:49:24 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009.07.01 22:49:23 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009.07.01 22:49:23 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009.07.01 22:49:23 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009.07.01 22:49:23 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009.07.01 22:49:22 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009.07.01 22:49:22 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009.07.01 22:49:22 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009.07.01 22:49:22 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.01 22:49:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009.07.01 22:49:21 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009.07.01 22:49:21 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009.07.01 22:49:21 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009.07.01 22:49:21 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009.07.01 22:49:21 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009.07.01 22:49:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009.07.01 22:49:21 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009.07.01 22:49:21 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 22:49:21 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009.07.01 22:49:20 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009.07.01 22:49:20 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009.07.01 22:49:20 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009.07.01 22:49:19 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009.07.01 22:49:19 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009.07.01 22:49:19 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009.07.01 22:49:19 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009.07.01 22:49:19 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009.07.01 22:49:19 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009.07.01 22:49:19 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009.07.01 22:49:19 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009.07.01 22:49:18 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009.07.01 22:49:18 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009.07.01 22:49:18 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.07.01 22:49:18 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009.07.01 22:49:18 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009.07.01 22:49:18 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009.07.01 22:49:18 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009.07.01 22:49:18 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009.07.01 22:49:18 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009.07.01 22:49:17 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009.07.01 22:49:17 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009.07.01 22:49:17 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009.07.01 22:49:17 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009.07.01 22:49:16 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009.07.01 22:49:16 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009.07.01 22:49:16 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009.07.01 22:49:16 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009.07.01 22:49:16 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009.07.01 22:49:16 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009.07.01 22:49:16 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009.07.01 22:49:16 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009.07.01 22:49:15 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009.07.01 22:49:15 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009.07.01 22:49:15 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009.07.01 22:49:15 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009.07.01 22:49:15 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009.07.01 22:49:15 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009.07.01 22:49:14 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009.07.01 22:49:14 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009.07.01 22:49:14 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009.07.01 22:49:14 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009.07.01 22:49:13 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009.07.01 22:49:13 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009.07.01 22:49:13 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009.07.01 22:49:12 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009.07.01 22:49:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009.07.01 22:49:12 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009.07.01 22:49:11 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009.07.01 22:49:11 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009.07.01 22:49:11 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009.07.01 22:49:10 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009.07.01 22:49:10 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009.07.01 22:49:10 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009.07.01 22:49:10 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009.07.01 22:49:10 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009.07.01 22:49:10 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009.07.01 22:49:10 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009.07.01 22:49:10 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009.07.01 22:49:10 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009.07.01 22:49:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009.07.01 22:49:09 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009.07.01 22:49:09 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009.07.01 22:49:09 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.07.01 22:49:09 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009.07.01 22:49:09 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.07.01 22:49:09 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.07.01 22:49:09 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009.07.01 22:49:09 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009.07.01 22:49:08 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009.07.01 22:49:08 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009.07.01 22:49:08 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009.07.01 22:49:08 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009.07.01 22:49:08 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009.07.01 22:49:08 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009.07.01 22:49:08 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009.07.01 22:49:08 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009.07.01 22:49:08 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009.07.01 22:49:08 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009.07.01 22:49:07 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009.07.01 22:49:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009.07.01 22:49:07 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009.07.01 22:49:07 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009.07.01 22:49:07 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009.07.01 22:49:07 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009.07.01 22:49:07 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.07.01 22:49:07 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009.07.01 22:49:07 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009.07.01 22:49:07 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009.07.01 22:49:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009.07.01 22:49:07 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009.07.01 22:49:06 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009.07.01 22:49:06 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009.07.01 22:49:06 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009.07.01 22:49:06 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009.07.01 22:49:06 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009.07.01 22:49:06 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009.07.01 22:49:06 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009.07.01 22:49:06 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009.07.01 22:49:06 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009.07.01 22:49:05 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009.07.01 22:49:05 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009.07.01 22:49:05 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009.07.01 22:49:05 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009.07.01 22:49:05 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009.07.01 22:49:05 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009.07.01 22:49:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009.07.01 22:49:05 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009.07.01 22:49:04 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009.07.01 22:49:04 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009.07.01 22:49:04 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009.07.01 22:49:04 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009.07.01 22:49:04 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009.07.01 22:49:04 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009.07.01 22:49:04 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009.07.01 22:49:03 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009.07.01 22:49:03 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009.07.01 22:49:03 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009.07.01 22:49:03 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009.07.01 22:49:03 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009.07.01 22:49:03 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009.07.01 22:49:03 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009.07.01 22:49:03 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009.07.01 22:49:02 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009.07.01 22:49:02 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009.07.01 22:49:01 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009.07.01 22:49:01 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009.07.01 22:49:01 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009.07.01 22:49:01 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009.07.01 22:49:01 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009.07.01 22:49:01 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009.07.01 22:49:01 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009.07.01 22:49:01 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009.07.01 22:49:01 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009.07.01 22:49:00 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009.07.01 22:49:00 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009.07.01 22:49:00 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009.07.01 22:49:00 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009.07.01 22:49:00 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009.07.01 22:49:00 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009.07.01 22:48:59 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009.07.01 22:48:59 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009.07.01 22:48:59 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009.07.01 22:48:59 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009.07.01 22:48:59 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009.07.01 22:48:59 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009.07.01 22:48:59 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009.07.01 22:48:59 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009.07.01 22:48:59 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009.07.01 22:48:59 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009.07.01 22:48:59 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009.07.01 22:48:59 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009.07.01 22:48:59 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009.07.01 22:48:58 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009.07.01 22:48:58 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009.07.01 22:48:58 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009.07.01 22:48:58 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009.07.01 22:48:58 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009.07.01 22:48:58 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009.07.01 22:48:58 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009.07.01 22:48:58 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009.07.01 22:48:57 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009.07.01 22:48:57 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009.07.01 22:48:57 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009.07.01 22:48:57 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009.07.01 22:48:57 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009.07.01 22:48:56 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009.07.01 22:48:56 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009.07.01 22:48:56 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009.07.01 22:48:56 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.07.01 22:48:56 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009.07.01 22:48:56 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009.07.01 22:48:56 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009.07.01 22:48:56 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009.07.01 22:48:56 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009.07.01 22:48:56 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009.07.01 22:48:56 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009.07.01 22:48:55 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009.07.01 22:48:55 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009.07.01 22:48:55 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009.07.01 22:48:55 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009.07.01 22:48:55 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009.07.01 22:48:55 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009.07.01 22:48:55 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009.07.01 22:48:55 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009.07.01 22:48:55 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009.07.01 22:48:54 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009.07.01 22:48:54 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009.07.01 22:48:54 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009.07.01 22:48:54 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009.07.01 22:48:54 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009.07.01 22:48:54 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009.07.01 22:48:54 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009.07.01 22:48:54 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009.07.01 22:48:54 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009.07.01 22:48:53 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009.07.01 22:48:53 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009.07.01 22:48:53 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009.07.01 22:48:53 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009.07.01 22:48:53 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009.07.01 22:48:53 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009.07.01 22:48:53 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009.07.01 22:48:53 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009.07.01 22:48:53 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009.07.01 22:48:52 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009.07.01 22:48:52 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009.07.01 22:48:52 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009.07.01 22:48:51 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009.07.01 22:48:51 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009.07.01 22:48:51 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009.07.01 22:48:51 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009.07.01 22:48:51 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009.07.01 22:48:51 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009.07.01 22:48:51 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009.07.01 22:48:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009.07.01 22:48:50 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009.07.01 22:48:50 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009.07.01 22:48:50 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009.07.01 22:48:50 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009.07.01 22:48:50 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009.07.01 22:48:50 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009.07.01 22:48:49 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009.07.01 22:48:49 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009.07.01 22:48:49 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009.07.01 22:48:49 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009.07.01 22:48:49 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009.07.01 22:48:49 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009.07.01 22:48:49 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009.07.01 22:48:49 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009.07.01 22:48:49 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009.07.01 22:48:49 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009.07.01 22:48:49 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009.07.01 22:48:49 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009.07.01 22:48:49 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009.07.01 22:48:48 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009.07.01 22:48:48 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009.07.01 22:48:48 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009.07.01 22:48:48 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009.07.01 22:48:48 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009.07.01 22:48:48 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009.07.01 22:48:48 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009.07.01 22:48:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009.07.01 22:48:48 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009.07.01 22:48:47 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009.07.01 22:48:47 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009.07.01 22:48:47 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009.07.01 22:48:47 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009.07.01 22:48:47 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009.07.01 22:48:47 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009.07.01 22:48:47 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009.07.01 22:48:47 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009.07.01 22:48:47 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009.07.01 22:48:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009.07.01 22:48:46 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009.07.01 22:48:46 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009.07.01 22:48:46 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009.07.01 22:48:46 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.07.01 22:48:46 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009.07.01 22:48:46 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009.07.01 22:48:46 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009.07.01 22:48:46 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009.07.01 22:48:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009.07.01 22:48:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009.07.01 22:48:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009.07.01 22:48:45 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009.07.01 22:48:45 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009.07.01 22:48:45 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009.07.01 22:48:45 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009.07.01 22:48:45 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009.07.01 22:48:45 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009.07.01 22:48:45 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009.07.01 22:48:45 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009.07.01 22:48:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009.07.01 22:48:44 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009.07.01 22:48:44 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009.07.01 22:48:44 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009.07.01 22:48:44 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009.07.01 22:48:44 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009.07.01 22:48:44 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009.07.01 22:48:43 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009.07.01 22:48:43 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.07.01 22:48:42 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009.07.01 22:48:42 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009.07.01 22:48:42 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009.07.01 22:48:42 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009.07.01 22:48:42 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009.07.01 22:48:42 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009.07.01 22:48:42 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009.07.01 22:48:42 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009.07.01 22:48:42 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009.07.01 22:48:42 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009.07.01 22:48:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009.07.01 22:48:41 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009.07.01 22:48:41 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009.07.01 22:48:41 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009.07.01 22:48:41 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009.07.01 22:48:41 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009.07.01 22:48:41 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009.07.01 22:48:41 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009.07.01 22:48:41 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009.07.01 22:48:40 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009.07.01 22:48:40 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009.07.01 22:48:40 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009.07.01 22:48:40 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009.07.01 22:48:40 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009.07.01 22:48:40 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009.07.01 22:48:40 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009.07.01 22:48:40 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009.07.01 22:48:39 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009.07.01 22:48:39 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009.07.01 22:48:39 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009.07.01 22:48:39 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009.07.01 22:48:39 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009.07.01 22:48:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009.07.01 22:48:39 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009.07.01 22:48:38 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009.07.01 22:48:38 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009.07.01 22:48:38 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009.07.01 22:48:38 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009.07.01 22:48:38 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009.07.01 22:48:38 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009.07.01 22:48:37 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009.07.01 22:48:37 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009.07.01 22:48:37 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009.07.01 22:48:37 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009.07.01 22:48:37 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009.07.01 22:48:37 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009.07.01 22:48:37 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009.07.01 22:48:37 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009.07.01 22:48:37 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009.07.01 22:48:37 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009.07.01 22:48:36 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009.07.01 22:48:36 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009.07.01 22:48:36 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009.07.01 22:48:36 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009.07.01 22:48:36 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009.07.01 22:48:36 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009.07.01 22:48:36 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009.07.01 22:48:36 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009.07.01 22:48:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009.07.01 22:48:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009.07.01 22:48:36 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009.07.01 22:48:35 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009.07.01 22:48:35 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009.07.01 22:48:35 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009.07.01 22:48:35 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009.07.01 22:48:35 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009.07.01 22:48:35 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009.07.01 22:48:35 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009.07.01 22:48:35 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009.07.01 22:48:35 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009.07.01 22:48:35 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009.07.01 22:48:34 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009.07.01 22:48:34 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009.07.01 22:48:34 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009.07.01 22:48:34 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009.07.01 22:48:34 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009.07.01 22:48:34 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009.07.01 22:48:34 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009.07.01 22:48:34 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009.07.01 22:48:34 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009.07.01 22:48:33 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009.07.01 22:48:33 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009.07.01 22:48:33 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009.07.01 22:48:33 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009.07.01 22:48:33 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009.07.01 22:48:33 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009.07.01 22:48:33 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009.07.01 22:48:33 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009.07.01 22:48:33 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009.07.01 22:48:33 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009.07.01 22:48:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009.07.01 22:48:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009.07.01 22:48:32 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009.07.01 22:48:32 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009.07.01 22:48:32 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009.07.01 22:48:32 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009.07.01 22:48:32 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009.07.01 22:48:32 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009.07.01 22:48:32 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009.07.01 22:48:32 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009.07.01 22:48:32 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009.07.01 22:48:32 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009.07.01 22:48:32 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009.07.01 22:48:31 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009.07.01 22:48:31 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009.07.01 22:48:31 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009.07.01 22:48:31 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009.07.01 22:48:31 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009.07.01 22:48:31 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009.07.01 22:48:30 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009.07.01 22:48:30 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009.07.01 22:48:30 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009.07.01 22:48:30 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009.07.01 22:48:30 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009.07.01 22:48:29 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009.07.01 22:48:29 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009.07.01 22:48:29 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009.07.01 22:48:29 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009.07.01 22:48:29 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009.07.01 22:48:29 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009.07.01 22:48:29 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009.07.01 22:48:29 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009.07.01 22:48:28 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009.07.01 22:48:28 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009.07.01 22:48:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009.07.01 22:48:28 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009.07.01 22:48:28 | 00,062,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009.07.01 22:48:28 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009.07.01 22:48:27 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009.07.01 22:48:27 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009.07.01 22:48:27 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009.07.01 22:48:27 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009.07.01 22:48:27 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009.07.01 22:48:27 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009.07.01 22:48:27 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009.07.01 22:48:27 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009.07.01 22:48:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009.07.01 22:48:27 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009.07.01 22:48:26 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009.07.01 22:48:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009.07.01 22:48:26 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009.07.01 22:48:26 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009.07.01 22:48:26 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009.07.01 22:48:26 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009.07.01 22:48:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009.07.01 22:48:25 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009.07.01 22:48:25 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009.07.01 22:48:25 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009.07.01 22:48:25 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009.07.01 22:48:25 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009.07.01 22:48:25 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009.07.01 22:48:25 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009.07.01 22:48:25 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009.07.01 22:48:24 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009.07.01 22:48:24 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009.07.01 22:48:24 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009.07.01 22:48:24 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.07.01 22:48:24 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009.07.01 22:48:24 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009.07.01 22:48:24 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009.07.01 22:48:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009.07.01 22:48:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009.07.01 22:48:23 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009.07.01 22:48:23 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009.07.01 22:48:23 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009.07.01 22:48:23 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009.07.01 22:48:23 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009.07.01 22:48:23 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009.07.01 22:48:22 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009.07.01 22:48:22 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009.07.01 22:48:22 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009.07.01 22:48:22 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009.07.01 22:48:22 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009.07.01 22:48:22 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009.07.01 22:48:22 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009.07.01 22:48:22 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.07.01 22:48:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009.07.01 22:48:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009.07.01 22:48:21 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009.07.01 22:48:21 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009.07.01 22:48:21 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009.07.01 22:48:21 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009.07.01 22:48:21 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009.07.01 22:48:21 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009.07.01 22:48:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009.07.01 22:48:21 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009.07.01 22:48:21 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009.07.01 22:48:21 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009.07.01 22:48:20 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009.07.01 22:48:20 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009.07.01 22:48:20 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009.07.01 22:48:20 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009.07.01 22:48:20 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009.07.01 22:48:20 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009.07.01 22:48:20 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009.07.01 22:48:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009.07.01 22:48:20 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009.07.01 22:48:20 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009.07.01 22:48:19 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009.07.01 22:48:19 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009.07.01 22:48:19 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009.07.01 22:48:19 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009.07.01 22:48:19 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009.07.01 22:48:19 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009.07.01 22:48:18 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009.07.01 22:48:18 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009.07.01 22:48:18 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009.07.01 22:48:18 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.01 22:48:18 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009.07.01 22:48:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009.07.01 22:48:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009.07.01 22:48:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009.07.01 22:48:17 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009.07.01 22:48:17 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009.07.01 22:48:17 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009.07.01 22:48:17 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009.07.01 22:48:16 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009.07.01 22:48:16 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009.07.01 22:48:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009.07.01 22:48:15 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009.07.01 22:48:15 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009.07.01 22:48:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009.07.01 22:48:15 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009.07.01 22:48:15 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009.07.01 22:48:15 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009.07.01 22:48:15 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009.07.01 22:48:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009.07.01 22:48:14 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009.07.01 22:48:13 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009.07.01 22:48:13 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009.07.01 22:48:12 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009.07.01 22:48:12 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009.07.01 22:48:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009.07.01 22:48:12 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009.07.01 22:48:12 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009.07.01 22:48:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009.07.01 22:48:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009.07.01 22:48:11 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.07.01 22:48:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009.07.01 22:48:11 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009.07.01 22:48:11 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009.07.01 22:48:08 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009.07.01 22:47:42 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009.07.01 22:47:33 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009.07.01 22:47:32 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009.07.01 22:47:04 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009.07.01 21:43:14 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009.07.01 21:41:51 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.07.01 21:41:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.07.01 21:41:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.07.01 21:41:49 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.07.01 21:41:49 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.07.01 21:41:48 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.07.01 21:41:48 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.07.01 21:41:47 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.07.01 21:41:47 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.07.01 21:41:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.07.01 21:41:46 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.07.01 21:41:45 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.07.01 21:41:45 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.07.01 21:40:10 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009.07.01 21:40:09 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009.07.01 21:40:09 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009.07.01 21:40:09 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009.07.01 21:40:09 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009.07.01 21:40:08 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009.07.01 21:40:08 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009.07.01 21:40:08 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009.07.01 21:40:08 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009.07.01 21:40:08 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009.07.01 21:40:08 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009.07.01 21:40:07 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.07.01 21:40:07 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.07.01 21:40:07 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009.07.01 21:40:07 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009.07.01 21:40:07 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.07.01 21:40:07 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009.07.01 21:40:06 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.07.01 21:40:06 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009.07.01 21:40:06 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009.07.01 21:40:06 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009.07.01 21:40:06 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009.07.01 21:40:06 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009.07.01 21:40:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.07.01 21:40:05 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.07.01 21:40:05 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.07.01 21:40:05 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009.07.01 21:40:05 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009.07.01 21:40:04 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009.07.01 21:40:04 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.07.01 21:40:04 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009.07.01 21:40:04 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.07.01 21:40:01 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009.07.01 21:40:01 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.07.01 21:40:01 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009.07.01 21:40:01 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009.07.01 21:40:01 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.07.01 21:40:01 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009.07.01 21:40:01 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009.07.01 21:40:01 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009.07.01 21:40:01 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009.07.01 21:40:00 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.06.30 22:04:58 | 00,000,996 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.06.30 22:04:57 | 00,000,992 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.06.26 00:21:41 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.05.15 23:09:14 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.05.14 19:08:21 | 00,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.02 18:59:32 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.16 23:26:02 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.02.18 22:08:46 | 00,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.02.18 19:14:30 | 00,139,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.02 12:26:55 | 00,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2008.07.22 11:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.23 01:07:38 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.23 00:26:27 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.23 00:23:17 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.15 19:06:58 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.14 15:57:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.14 15:57:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.06 18:50:30 | 01,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.11.10 16:08:50 | 00,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 15:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 13:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 13:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 10:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.02.25 02:59:49 | 00,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2004.10.28 17:38:10 | 00,315,728 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll
[2002.03.14 01:46:46 | 00,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2009.07.24 18:09:43 | 01,216,208 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.07.24 18:09:43 | 00,594,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.07.24 18:09:43 | 00,442,516 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2009.07.24 18:09:43 | 00,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.07.24 18:09:43 | 00,083,758 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2009.07.24 18:09:05 | 00,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.07.24 18:07:06 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.07.24 18:05:00 | 00,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.07.24 18:04:57 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.07.24 18:04:56 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.07.24 18:04:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.07.24 18:04:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.07.24 18:04:47 | 32,203,65312 | -HS- | M] () -- C:\hiberfil.sys
[2009.07.24 16:28:51 | 00,139,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.24 16:28:42 | 00,189,672 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.07.24 16:28:42 | 00,189,672 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009.07.24 12:33:59 | 00,000,532 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009.07.23 15:02:24 | 00,002,048 | ---- | M] () -- C:\Windows\lvld67.lic
[2009.07.23 14:57:51 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.07.17 18:48:55 | 02,230,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.17 18:29:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.07.17 18:29:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.07.17 18:29:44 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.07.17 18:29:44 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.07.16 17:21:11 | 00,071,736 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009.07.16 00:36:35 | 00,131,072 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\SKCA32.dll
[2009.07.16 00:36:34 | 00,127,488 | ---- | M] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2009.07.15 20:51:41 | 00,000,210 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.07.15 20:43:58 | 00,129,536 | ---- | M] () -- C:\Windows\inout2.dll
[2009.07.12 21:06:39 | 32,059,3023 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.07.08 21:03:13 | 00,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2009.07.07 18:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.06.26 00:21:41 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 512 bytes -> C:\Users\All Users\TEMP:05EE1EEF
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Users\All Users\TEMP:888AFB86
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\TEMP:C95B63DA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C95B63DA
|
|
Mainos
|
|
|
|
warwas
Suspended permanently
|
24. heinäkuuta 2009 @ 19:39 |
Linkki tähän viestiin
|
Sulla kyl on kräkätty Adoben ohjelmisto, näin sen jo viimeksi.
Napsauta Windows Vista -tietokoneessa Käynnistä-painiketta
Kirjoita Aloita haku -ruutuun Kansion asetukset ja valitse sitten Ohjelmat-luettelossa Kansion asetukset.
Jos sinua kehotetaan antamaan järjestelmänvalvojan salasana tai vahvistamaan toiminto, kirjoita salasana tai valitse Jatka.
Valitse Kansion asetukset -valintaikkunassa Näytä-välilehti.
RUKSI Piilota suojatut käyttöjärjestelmätiedostot (suositus) -valintaruudun valinta.
Vahvista käyttöjärjestelmätiedostojen "muuttaminen"? valitsemalla Kyllä ja valitse sitten OK.
http://support.microsoft.com/kb/948253/fi
Varmistu ensin, että piilotiedostot on näkyvillä.
Piilotiedostot näkyviin
Mene --> tänne
Kun sivu on latautunut, klikkaa Selaa-nappulaa ja etsi seuraava tiedosto ja paina Submit.
C:\Windows\System32\Drivers\spxq.sys
C:\Users\*käyttäjä nimi*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinCE3.exe
Oma käyttäjänimsei tuohon
Lähetä skannin tulokset seuraavassa viestissäsi.
Jos et löydä tiedostoa, niin kopio/liitä tiedostonimi polkuineen kenttään ja paina Submit.
Jos Jotti on ruuhkainen, yritä samaa Virustotalissa: http://www.virustotal.com/flash/index_en.html
lähetä Jotin tulokset.
|
|
