Hitaus, pop up, ja varoitus viestejä

volvo240 · Apr 6, 2007

Terve!

Ongelma on tämä

Explorer avaa itsestään uusia välilehtiä ilmeisesti jonkun virustorjuntaohjelmiston sivuille, kone on muutenkin hidas ja välillä tulee jotakin windows varoituksia koneen saastmisesta.loki

Kiitos jo etukäteen vastauksista
Tässä lokkitiedosto:

volvo240 · Apr 6, 2007

Siis tässä loki.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:14:23, on 6.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis_v2.0.0.0.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\qfdcwjeh.dll (file missing)
O2 - BHO: (no name) - {65459489-72D2-4B52-AA3E-1BA88D646D7B} - C:\WINDOWS\System32\sstqn.dll
O2 - BHO: (no name) - {A5673137-EFE9-447E-9246-47B88F6732B0} - C:\WINDOWS\system32\oesbrrvp.dll (file missing)
O4 - HKLM\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\uxjiyumr.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175698532440
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175707988603
O20 - Winlogon Notify: sstqn - C:\WINDOWS\System32\sstqn.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6645 bytes

Auttaja · Apr 6, 2007

Lataa VundoFix.exe työpöydällesi.
*Tupla-klikkaa VundoFix.exe ajaaksesi sen.
*Klikkaa Scan for Vundo valintaa.
*Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
*Sinulta kysytään haluatko poistaa filut - klikkaa YES.
*Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
*Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
*Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

*******

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

volvo240 · Apr 6, 2007

Kiitos nopeasta vastauksesta.

Tässä VundoFix loki:

VundoFix V6.3.19

Checking Java version...

Sun Java not detected
Scan started at 0:30:51 7.4.2007

Listing files found while scanning....

C:\WINDOWS\System32\nqtss.bak1
C:\WINDOWS\System32\nqtss.bak2
C:\WINDOWS\System32\nqtss.ini
C:\WINDOWS\System32\nqtss.ini2
C:\WINDOWS\System32\nqtss.tmp
C:\WINDOWS\system32\qfdcwjeh.dll
C:\WINDOWS\System32\sstqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\nqtss.bak1
C:\WINDOWS\System32\nqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqtss.bak2
C:\WINDOWS\System32\nqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqtss.ini
C:\WINDOWS\System32\nqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqtss.ini2
C:\WINDOWS\System32\nqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqtss.tmp
C:\WINDOWS\System32\nqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\sstqn.dll
C:\WINDOWS\System32\sstqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Ja tässä tuore HJT loki:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:24:05, on 7.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis_v2.0.0.0.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {65459489-72D2-4B52-AA3E-1BA88D646D7B} - C:\WINDOWS\System32\sstqn.dll (file missing)
O2 - BHO: (no name) - {A5673137-EFE9-447E-9246-47B88F6732B0} - C:\WINDOWS\system32\oesbrrvp.dll (file missing)
O4 - HKLM\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\uxjiyumr.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175698532440
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175707988603
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6485 bytes

volvo240 · Apr 6, 2007

ComboFix loki:

"koti" - 07-04-07 7:36:59 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\koti\Ty”p”yt„"

((((((((((((((((((((((((((((((( Files Created from 2007-03-07 to 2007-04-07 ))))))))))))))))))))))))))))))))))

2007-04-07 00:30 <KANSIO> d-------- C:\VundoFix Backups
2007-04-06 22:15 <KANSIO> d-------- C:\HJT
2007-04-06 20:52 <KANSIO> d-------- C:\Program Files\MegaSquirt
2007-04-06 19:15 <KANSIO> d-------- C:\WINDOWS\pss
2007-04-06 07:21 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2007-04-06 07:15 <KANSIO> d-------- C:\WINDOWS\network diagnostic
2007-04-06 00:35 <KANSIO> d--h----- C:\WINDOWS\PIF
2007-04-06 00:11 <KANSIO> d-------- C:\Program Files\Norton AntiVirus
2007-04-06 00:08 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-06 00:08 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-06 00:06 <KANSIO> d-------- C:\Program Files\Symantec
2007-04-06 00:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-04-06 00:00 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-05 23:52 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-04-05 23:52 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-04-05 23:52 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-04-05 22:55 <KANSIO> d-------- C:\Program Files\uTorrent
2007-04-05 22:55 <KANSIO> d-------- C:\DOCUME~1\koti\APPLIC~1\uTorrent
2007-04-04 22:54 <KANSIO> d--hs---- C:\RECYCLER
2007-04-04 22:43 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-04 22:12 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-04 22:12 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-04 22:12 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-04 22:12 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-04 22:12 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-04 21:37 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-04 21:36 <KANSIO> d-------- C:\WINDOWS\Prefetch
2007-04-04 21:09 <KANSIO> d-------- C:\WINDOWS\provisioning
2007-04-04 21:09 <KANSIO> d-------- C:\WINDOWS\peernet
2007-04-04 21:06 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2007-04-04 21:01 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-04 20:57 <KANSIO> d-------- C:\WINDOWS\EHome
2007-04-04 20:51 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-04-04 20:51 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-04-04 20:34 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-04 20:26 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-04 20:26 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-04-04 20:26 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-04 20:26 2,921,984 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-04-04 19:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-04 19:27 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-04 19:27 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2007-04-04 19:27 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall
2007-04-04 19:17 <KANSIO> d-------- C:\WINDOWS\system32\bits
2007-04-04 19:01 <KANSIO> d-------- C:\Program Files\Lavasoft
2007-04-04 19:01 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 19:01 <KANSIO> d-------- C:\DOCUME~1\koti\APPLIC~1\Lavasoft
2007-04-04 18:43 29,648 --a------ C:\WINDOWS\system32\cirm.exe
2007-04-04 18:32 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-04 18:32 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-04 18:32 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-04 18:32 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-04 18:25 29,648 --a------ C:\WINDOWS\system32\ekqw.exe
2007-04-04 18:23 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-04-04 18:23 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-04-04 18:23 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-04 18:23 1,284,608 --a------ C:\WINDOWS\system32\ole32.dll
2007-04-04 17:58 29,648 --a------ C:\WINDOWS\system32\mdmdfqh.exe
2007-04-04 17:56 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-04 17:56 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-04 17:56 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-04 17:56 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-04 17:56 173,848 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-04 17:56 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-04 17:55 <KANSIO> d--hs---- C:\DOCUME~1\koti\UserData
2007-04-04 17:55 <KANSIO> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-04 01:53 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-04 01:53 <KANSIO> dr--s---- C:\WINDOWS\Fonts
2007-04-04 01:53 <KANSIO> dr------- C:\WINDOWS\Web
2007-04-04 01:53 <KANSIO> d--h----- C:\WINDOWS\inf
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\WinSxS
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\twain_32
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\wins
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\wbem
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\usmt
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\spool
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\Setup
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\ras
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\oobe
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\npp
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\mui
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\IME
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\icsxml
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\ias
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\export
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\drivers
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\dhcp
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\config
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\3076
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\2052
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1054
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1042
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1041
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1037
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1035
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1033
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1031
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1028
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32\1025
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system32
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\system
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\security
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Resources
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\repair
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\mui
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\msapps
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\msagent
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Media
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\java
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\ime
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Help
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Driver Cache
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Debug
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Cursors
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Connection Wizard
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\Config
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\AppPatch
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS\addins
2007-04-04 01:53 <KANSIO> d-------- C:\WINDOWS
2007-04-04 00:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-04 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-04 00:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-04 00:03 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-04 00:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-04 00:03 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-04 00:03 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-04 00:03 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-04 00:03 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-04 00:03 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-04 00:03 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-04 00:03 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-04 00:02 75,392 --a------ C:\WINDOWS\system32\drivers\s3savmxm.sys
2007-04-04 00:02 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-04 00:02 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-04-04 00:02 245,632 --a------ C:\WINDOWS\system32\s3savmx.dll
2007-04-04 00:02 169,984 --a------ C:\WINDOWS\system32\drivers\pcx500.sys
2007-04-04 00:01 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-04-04 00:01 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-04 00:01 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-04 00:01 595,711 --a------ C:\WINDOWS\system32\drivers\es56cvmp.sys
2007-04-04 00:01 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2007-04-04 00:01 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-04 00:01 174,464 --a------ C:\WINDOWS\system32\drivers\es198x.sys
2007-04-04 00:01 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-04 00:01 14,080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-04-04 00:01 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-04-03 23:59 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-03 23:59 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-03 23:59 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-03 23:59 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-03 23:59 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-03 23:59 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-03 23:59 74,240 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-03 23:59 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-03 23:59 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-03 23:59 69,632 --a------ C:\WINDOWS\notepad.exe
2007-04-03 23:59 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-03 23:59 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-03 23:59 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-03 23:59 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-03 23:59 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-03 23:59 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-03 23:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-03 23:59 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-03 23:59 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-03 23:59 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-03 23:59 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-03 23:59 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-03 23:59 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-03 23:59 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-03 23:59 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-03 23:59 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-03 23:59 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-03 23:59 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
2007-04-03 23:59 <KANSIO> d-------- C:\Program Files
2007-04-03 23:58 <KANSIO> dr------- C:\DOCUME~1\DEFAUL~1\K„ynnist„-valikko
2007-04-03 23:58 <KANSIO> dr------- C:\DOCUME~1\ALLUSE~1\Tiedostot
2007-04-03 23:58 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Verkkoymp„rist”
2007-04-03 23:58 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Tulostinymp„rist”
2007-04-03 23:58 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Mallit
2007-04-03 23:58 <KANSIO> d--h----- C:\DOCUME~1\ALLUSE~1\Mallit
2007-04-03 23:58 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
2007-04-03 23:58 <KANSIO> d-------- C:\Documents and Settings
2007-04-03 23:58 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Ty”p”yt„
2007-04-03 23:58 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Suosikit
2007-04-03 23:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Ty”p”yt„
2007-04-03 23:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Suosikit
2007-04-03 23:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\K„ynnist„-valikko
2007-04-03 23:24 <KANSIO> d--hs---- C:\WINDOWS\Installer
2007-04-03 23:23 1,048,576 --ah----- C:\DOCUME~1\koti\NTUSER.DAT
2007-04-03 23:23 <KANSIO> dr------- C:\DOCUME~1\koti\Suosikit
2007-04-03 23:23 <KANSIO> dr------- C:\DOCUME~1\koti\Omat tiedostot
2007-04-03 23:23 <KANSIO> d--h----- C:\DOCUME~1\koti\Verkkoymp„rist”
2007-04-03 23:23 <KANSIO> d--h----- C:\DOCUME~1\koti\Tulostinymp„rist”
2007-04-03 23:23 <KANSIO> d--h----- C:\DOCUME~1\koti\Mallit
2007-04-03 23:23 <KANSIO> d-------- C:\DOCUME~1\koti\Ty”p”yt„
2007-04-03 23:23 <KANSIO> d-------- C:\DOCUME~1\koti\K„ynnist„-valikko
2007-04-03 23:18 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-03 23:18 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-03 23:18 <KANSIO> d--hs---- C:\System Volume Information
2007-04-03 23:13 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-03 23:13 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-03 23:13 0 -rahs---- C:\MSDOS.SYS
2007-04-03 23:13 0 -rahs---- C:\IO.SYS
2007-04-03 23:13 0 --a------ C:\CONFIG.SYS
2007-04-03 23:13 0 --a------ C:\AUTOEXEC.BAT
2007-04-03 23:13 <KANSIO> d-------- C:\WINDOWS\system32\xircom
2007-04-03 23:13 <KANSIO> d-------- C:\Program Files\microsoft frontpage
2007-04-03 23:11 <KANSIO> dr------- C:\WINDOWS\Offline Web Pages
2007-04-03 23:11 <KANSIO> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-03 23:11 <KANSIO> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-03 23:10 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-03 23:10 48,640 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-03 23:10 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-03 23:10 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-03 23:10 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-03 23:10 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-03 23:10 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-03 23:10 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-03 23:10 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-03 23:10 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-03 23:10 <KANSIO> d-------- C:\WINDOWS\system32\DirectX
2007-04-03 23:09 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-03 23:09 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-03 23:09 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-03 23:09 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-03 23:09 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-03 23:09 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-03 23:09 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-03 23:09 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-03 23:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-03 23:09 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-03 23:09 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-03 23:09 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-03 23:09 276,480 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-03 23:09 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-03 23:09 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-03 23:09 21,672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-03 23:09 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-03 23:09 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-03 23:09 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-03 23:09 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-03 23:09 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-03 23:09 <KANSIO> d---s---- C:\WINDOWS\Tasks
2007-04-03 23:09 <KANSIO> d-------- C:\WINDOWS\system32\Restore
2007-04-03 23:09 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
2007-04-03 23:09 <KANSIO> d-------- C:\WINDOWS\srchasst
2007-04-03 23:09 <KANSIO> d-------- C:\WINDOWS\PCHealth
2007-04-03 23:09 <KANSIO> d-------- C:\Program Files\Movie Maker
2007-04-03 23:09 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
2007-04-03 23:08 <KANSIO> d-------- C:\WINDOWS\Registration
2007-04-03 23:07 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-03 23:07 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-03 23:07 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-03 23:07 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-03 23:07 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-03 23:07 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-03 23:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-03 23:07 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-03 23:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-03 23:07 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-03 23:07 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-03 23:07 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-03 23:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-03 23:07 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-03 23:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-03 23:07 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-03 23:07 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-03 23:07 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-03 23:07 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-03 23:07 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-03 23:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-03 23:07 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-03 23:07 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-03 23:07 350,208 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-03 23:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-03 23:07 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-03 23:07 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-03 23:07 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-03 23:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-03 23:07 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-03 23:07 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-03 23:07 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-03 23:07 21,504 --a------ C:\WINDOWS\system32\msg.exe
2007-04-03 23:07 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-03 23:07 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-03 23:07 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-03 23:07 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-03 23:07 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-03 23:07 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-03 23:07 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-03 23:07 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-03 23:07 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-03 23:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-03 23:07 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-03 23:07 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-03 23:07 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-03 23:07 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-03 23:07 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-03 23:07 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-03 23:07 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-03 23:07 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-03 23:07 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-03 23:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-03 23:07 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-03 23:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-03 23:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-03 23:07 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-03 23:07 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-03 23:07 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-03 23:07 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
2007-04-03 23:07 <KANSIO> d-------- C:\Program Files\Online Services
2007-04-03 23:07 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
2007-04-03 23:07 <KANSIO> d-------- C:\Program Files\Messenger
2007-04-03 23:06 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-03 23:06 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-03 23:06 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-03 23:06 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-03 23:06 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-03 23:06 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-03 23:06 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-03 23:06 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-03 23:06 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-03 23:06 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-03 23:06 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-03 23:06 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-03 23:06 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-03 23:06 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-03 23:06 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-03 23:06 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-03 23:06 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-03 23:06 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-03 23:06 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-03 23:06 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-03 23:06 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-03 23:06 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-03 23:06 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-03 23:06 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-03 23:06 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-03 23:06 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-03 23:06 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-03 23:06 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-03 23:06 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
2007-04-03 23:06 <KANSIO> d-------- C:\WINDOWS\system32\Com
2007-04-03 23:06 <KANSIO> d-------- C:\Program Files\Windows NT
2007-03-27 17:11 276,792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-03-27 17:11 25,400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-03-27 17:11 247,608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-04 22:37 48858 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-04-04 22:37 283594 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-04-03 23:58 62 --ahs---- C:\DOCUME~1\koti\APPLIC~1\desktop.ini
2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Enables Windows user mode drivers"="WinEUM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Enables Windows user mode drivers"="WinEUM.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Enables Windows user mode drivers"="WinEUM.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Enables Windows user mode drivers"="WinEUM.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - koti.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-07 7:40:00
C:\ComboFix-quarantined-files.txt ... 07-04-07 07:40

Auttaja · Apr 7, 2007

Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa

O2 - BHO: (no name) - {65459489-72D2-4B52-AA3E-1BA88D646D7B} - C:\WINDOWS\System32\sstqn.dll (file missing)
O2 - BHO: (no name) - {A5673137-EFE9-447E-9246-47B88F6732B0} - C:\WINDOWS\system32\oesbrrvp.dll (file missing)
Unknown
O4 - HKLM\..\Run: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\uxjiyumr.dll",setvm
O4 - HKLM\..\RunServices: [Enables Windows user mode drivers] WinEUM.exe
O4 - HKCU\..\Run: [Enables Windows user mode drivers] WinEUM.exe

Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.

[*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
[*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
[*]Käynnistä AVG Anti-Spyware.
[*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
[*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
[*]Paina hetken kuluttua uudestaan "Start Update" , jos päivitykset eivät heti onnistu
[*]Jos automaattipäivitys ei jostain syystä toimi, niin tunnisteet voi ladata manuaalisesti http://www.ewido.net/en/download/updates/ -linkin takaa.
[*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
[*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
[*]Sitten "Reports" valikon alta:
[*]Laita täppi kohtaan "Automatically generate report after every scan"
[*]Ota täppi pois kohdasta"Only if threats were found"
[*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
[*]"Resident shield is", muuta tila active:sta inactive:ksi
[*]Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä tietokone vikasietotilaan:
1. Käynnistä tietokone uudelleen.
2. Kun tietokone käynnistyy, paina F8-näppäintä.
3. Näyttöön tulee erilaisia käynnistysvaihtoehtoja.
4. Valitse näppäimistön nuolinäppäinten avulla Vikasietotila.
5. Paina ENTER-näppäintä.

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
[*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

[*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
[*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
[*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestiketjuusi.

Laita uusi hijackthis logi

volvo240 · Apr 9, 2007

Kiitoksia taas kovasti avusta!

Tässä on tuo AWG loki:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:24:16 9.4.2007

+ Scan result:

C:\Documents and Settings\koti\Cookies\koti@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\koti\Cookies\koti@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.

::Report end

Tässä tuore HJT loki:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:35:59, on 9.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HiJackThis_v2.0.0.0.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175698532440
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175707988603
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6322 bytes

Auttaja · Apr 9, 2007

kunnossa on!

Ninn · Apr 9, 2007

Samantapaisia ongelmia täälläkin, kone on todella hidas ja jotain stop messenger pop ups -ikkunoita hyppelee silmille minuutin välein.
Jos joku viitsisi vielä minulle neuvoa tämän.

HT loki:

Logfile of HijackThis v1.98.2
Scan saved at 10:08:12, on 10.4.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ELISAT~1\4119343\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\ELISAT~1\4119343\Program\BACKWE~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\donloads2\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\windns.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [vSeYbSd5n] C:\WINDOWS\kmjbl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107272603037
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

Auttaja · Apr 9, 2007

Terve, avaa kokonaan uusi ketju tuolle lokillesi niin neuvon, on sinulla siellä aika paljon korjattavaa. Ensimmäisenä lataa koneelle service pack 1 windows updaten kautta, muuten sen korjaaminen on yhtä tyhjän kanssa

-Auttaja

Log in or Sign up

Hitaus, pop up, ja varoitus viestejä

volvo240 Member

volvo240 Member

Auttaja Guest

volvo240 Member

volvo240 Member

Auttaja Guest

volvo240 Member

Auttaja Guest

Ninn Member

Auttaja Guest

Share This Page

Log in or Sign up

Hitaus, pop up, ja varoitus viestejä

volvo240 Member

volvo240 Member

Auttaja Guest

volvo240 Member

volvo240 Member

Auttaja Guest

volvo240 Member

Auttaja Guest

Ninn Member

Auttaja Guest

Share This Page

Useful Searches