hjt-loki

http://keskustelu.afterdawn.com/thread_view.cfm/593420

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:27, on 29.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PF2\AVAST\aswUpdSv.exe
D:\PF2\AVAST\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\PF2\AVAST\ashDisp.exe
D:\PF2\ctusbms.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PF2\CTFaMicetra.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\oodag.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
D:\PF2\AVAST\ashMaiSv.exe
D:\PF2\AVAST\ashWebSv.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
D:\PF2\FIREFOX\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files 3\adobe reader 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] D:\PF2\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [CreativeMS2020] D:\PF2\ctusbms.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PF2\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PF2\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PF2\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PF2\AVAST\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Windowhelp - Unknown owner - C:\RECYCLER\SVCHOST.EXE (file missing)

--
End of file - 5017 bytes

 

moi

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.+ uusi hjt-loki
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix logi

ComboFix 07-11-19.4C - Mikko 2007-12-01 13:37:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.682 [GMT 2:00]
Running from: C:\Documents and Settings\Mikko\Työpöytä\ComboFix.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-01 to 2007-12-01 )))))))))))))))))
.

2007-11-29 20:50 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\ArcSoft
2007-11-29 20:05 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Canon
2007-11-29 20:04 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
2007-11-29 20:04 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-29 20:04 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-29 20:04 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
2007-11-29 20:00 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\ScanSoft
2007-11-29 20:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-11-29 20:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-11-29 19:59 <KANSIO> d-------- C:\Program Files\ScanSoft
2007-11-29 19:59 <KANSIO> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-11-29 19:58 <KANSIO> d-------- C:\Program Files\ArcSoft
2007-11-29 19:58 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-29 19:57 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-29 19:56 <KANSIO> d-------- C:\WINDOWS\StartHtmico
2007-11-29 19:56 <KANSIO> d-------- C:\WINDOWS\MP130,110
2007-11-29 19:56 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL
2007-11-29 19:56 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-11-29 19:56 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL
2007-11-29 19:56 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL
2007-11-29 19:56 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-11-29 19:55 <KANSIO> d-------- C:\Program Files\Canon
2007-11-29 14:16 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-29 13:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-29 00:32 <KANSIO> d-------- C:\Program Files\Yahoo!
2007-11-28 20:26 <KANSIO> d-------- C:\Program Files\ExplorerXP
2007-11-28 17:57 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\AdobeUM
2007-11-28 17:55 <KANSIO> d-------- C:\WINDOWS\Cache
2007-11-27 01:13 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2007-11-24 22:02 63,547 --a--c--- C:\WINDOWS\system32\dllcache\sla30nd5.sys
2007-11-24 22:01 27,904 --a--c--- C:\WINDOWS\system32\dllcache\perm2.sys
2007-11-24 21:59 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2007-11-24 21:59 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-11-24 21:59 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2007-11-24 21:59 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2007-11-24 21:59 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-11-24 21:59 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2007-11-24 21:59 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2007-11-24 21:59 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2007-11-24 21:58 907,584 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2007-11-24 21:57 20,192 --a--c--- C:\WINDOWS\system32\dllcache\dpti2o.sys
2007-11-24 21:56 314,752 --a--c--- C:\WINDOWS\system32\dllcache\camdro21.sys
2007-11-24 21:56 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_21027.nls
2007-11-24 21:55 162,850 --a--c--- C:\WINDOWS\system32\dllcache\c_10001.nls
2007-11-24 21:55 84,480 --a--c--- C:\WINDOWS\system32\dllcache\ac97via.sys
2007-11-24 21:54 2,150,912 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-24 21:54 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-11-24 21:27 188,928 --a------ C:\WINDOWS\system32\vbuzip10.DLL
2007-11-24 21:27 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-11-24 21:27 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2007-11-24 20:27 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-24 20:19 <KANSIO> d-------- C:\WINDOWS\system32\oodag
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-11-20 16:01 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-11-20 16:01 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-11-20 16:01 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-11-20 16:01 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-11-20 16:01 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-11-20 16:01 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-11-20 16:01 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-11-17 18:35 <KANSIO> d-------- C:\Program Files\MSN Messenger
2007-11-09 16:32 <KANSIO> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-11-06 18:12 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-02 10:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-02 10:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 10:59 --------- d-----w C:\Documents and Settings\Mikko\Application Data\foobar2000
2007-11-30 19:52 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Skype
2007-11-29 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-28 15:47 --------- d-----w C:\Documents and Settings\Mikko\Application Data\OpenOffice.org2
2007-11-25 21:11 --------- d-----w C:\Program Files\Image-Line
2007-11-25 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-24 18:29 --------- d-----w C:\Program Files\Java
2007-11-23 18:00 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Azureus
2007-11-20 14:03 334 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-06 18:19 --------- d-----w C:\Program Files\Creative
2007-11-02 08:49 --------- d-----w C:\Program Files\Symantec
2007-11-02 08:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-23 16:55 --------- d-----w C:\Program Files\VstPlugins
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06]
"TransparentTaskBar"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 20:10]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 19:51]
"avast!"="D:\PF2\AVAST\ashDisp.exe" [2007-10-25 18:20]
"CreativeMS2020"="D:\PF2\ctusbms.exe" [2006-05-09 13:58]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 10:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 ctms2020;Creative HID USB Filter Driver1;C:\WINDOWS\system32\DRIVERS\ctms2020.Sys
S2 Windowhelp;Windowhelp;C:\RECYCLER\SVCHOST.EXE

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-11-10 00:38:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 13:42:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 13:44:41
.
--- E O F ---

 

Hjt-logi


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:08, on 1.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PF2\AVAST\aswUpdSv.exe
D:\PF2\AVAST\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\PF2\AVAST\ashDisp.exe
D:\PF2\ctusbms.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\oodag.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
D:\PF2\AVAST\ashMaiSv.exe
D:\PF2\AVAST\ashWebSv.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files 3\adobe reader 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] D:\PF2\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [CreativeMS2020] D:\PF2\ctusbms.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PF2\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PF2\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PF2\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PF2\AVAST\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Windowhelp - Unknown owner - C:\RECYCLER\SVCHOST.EXE (file missing)

--
End of file - 5866 bytes

 

ja sitten....

Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä) sc stop Windowhelp (pamauta enteriä )
Paina Käynnistä ---> Suorita -->kirjoita(tai kopioi ja liitä) sc delete Windowhelp (pamauta enteriä )


Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.
Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.

Jos käytät FireFoxia selaimenasiKlikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Jos käytät Operaa selaimenasi
Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)


ja....

Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.

• Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
• Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
• Klikkaa nyt asetuksia, Scan Settings
• Tarkista asetuksista, että seuraavat ovat valittuina:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (Jos valittavissa, muuten valitse Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Klikkaa OK
• Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
• Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
• Klikkaa nyt Save as Text-painiketta.
• Tallenna tiedosto työpöydällesi.
• Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.+ uusi hjt-loki

 

KASPERSKY logi.Tää ohjelma löysi 5 virusta ja 15 saastunutta tiedostoa.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 3:42:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469757
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 95865
Number of viruses found: 5
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:10:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mikko\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mikko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mikko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mikko\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mikko\Local Settings\Temp\~DF5CCB.tmp Object is locked skipped
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mikko\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mikko\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0086418.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP85\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_690.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\PF2\AVAST\DATA\aswResp.dat Object is locked skipped
D:\PF2\AVAST\DATA\Avast4.db Object is locked skipped
D:\PF2\AVAST\DATA\integ\avast.int Object is locked skipped
D:\PF2\AVAST\DATA\log\AshWebSv.ws Object is locked skipped
D:\PF2\AVAST\DATA\log\aswMaiSv.log Object is locked skipped
D:\PF2\AVAST\DATA\log\nshield.log Object is locked skipped
D:\PF2\AVAST\DATA\report\Resident protection.txt Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\debug.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\debug.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\error.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\error.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\hips.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\hips.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\ids.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\ids.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\network.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\network.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\system.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\system.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\warning.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\warning.log.idx Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\web.log Object is locked skipped
D:\PF2\VITUN KERIO\Personal Firewall 4\logs\web.log.idx Object is locked skipped
D:\Program Files3\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0086420.exe Infected: Trojan.Win32.Chifrax.a skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0087122.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0087122.exe mIRC: infected - 1 skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0087123.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP74\A0087123.exe mIRC: infected - 1 skipped
D:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP85\change.log Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004765.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004766.ver Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004767.msi Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004768.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004769.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004770.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004771.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004772.CAT Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004773.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004774.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004775.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004776.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004777.ini Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004778.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004779.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004780.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004781.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004782.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004783.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004784.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004785.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004786.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004787.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004788.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004789.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004790.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004791.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004792.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004793.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004794.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004795.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004796.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004797.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004798.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004799.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004800.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004801.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004802.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004803.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004804.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004805.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004806.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004807.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004808.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004809.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004810.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004811.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004812.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004813.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004814.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004815.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004816.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004817.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004818.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004819.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004820.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004821.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004822.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004823.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004824.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004825.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004826.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004827.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004828.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004829.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004830.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004831.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004832.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004833.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004834.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004835.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004836.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004837.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004838.tlb Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004839.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004840.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004841.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004842.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004843.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004844.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004845.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004846.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004847.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004848.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004849.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004850.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004851.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004852.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004853.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004854.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004855.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004856.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004857.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004858.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004859.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004860.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004861.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004862.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004863.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004864.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004865.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004866.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004867.sys Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004868.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004869.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004870.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004871.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004872.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004873.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004874.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004875.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004876.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004877.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004878.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004879.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004880.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004881.sys Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004882.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004883.com Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004884.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004885.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004886.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004887.ocx Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004888.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004889.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004890.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004891.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004892.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004893.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004894.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004895.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004896.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004897.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004898.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004899.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004900.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004901.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004902.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004903.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004904.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004905.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004906.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004907.tlb Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004908.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004909.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004910.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004911.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004912.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004913.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004914.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004915.msc Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004916.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004917.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004918.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004919.cmd Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004920.mof Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004921.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004922.sys Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004923.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004924.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004925.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004926.msi Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004927.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004928.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004929.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004930.sif Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004931.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004932.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004933.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004934.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004935.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004936.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004937.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004938.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004939.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004940.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004941.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004942.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004943.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004944.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004945.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004946.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004947.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004948.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004949.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004950.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004951.msi Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004952.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004953.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004954.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004955.sif Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004956.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004957.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004958.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004959.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004960.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004961.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004962.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004963.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004964.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004965.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004966.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004967.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004968.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004969.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004970.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004971.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004972.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004973.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004974.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004975.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004976.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004977.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004978.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004979.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004980.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004981.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004982.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004983.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004984.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004985.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004986.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004987.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004988.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004989.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004990.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004991.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004992.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004993.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004994.sdb Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004995.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004996.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004997.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004998.ini Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0004999.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005000.inf Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005001.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005002.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005003.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005004.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005005.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005006.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005007.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005008.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005009.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005010.ini Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005011.ini Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005012.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005013.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005014.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005015.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005016.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005017.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005018.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005019.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005020.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005021.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005022.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005023.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005024.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005025.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005026.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005027.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005028.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005029.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005030.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005031.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005032.cat Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005033.exe Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005034.dll Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005035.wa_ Object is locked skipped
D:\System Volume Information\_restore{E844C0F5-C6F7-44DE-B029-212A1F778DE8}\RP8\A0005036.wa_ Object is locked skipped
G:\asennus paketteja\Cdvd.exe/stream/data0013 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
G:\asennus paketteja\Cdvd.exe/stream/data0014 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
G:\asennus paketteja\Cdvd.exe/stream Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
G:\asennus paketteja\Cdvd.exe NSIS: infected - 3 skipped
G:\asennus paketteja\Mikkoxor\bsplayer212.941_music.exe/data0012 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
G:\asennus paketteja\Mikkoxor\bsplayer212.941_music.exe NSIS: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{04BCA563-791E-4BD4-8C50-C96CEC0C0F4A}\RP85\change.log Object is locked skipped
G:\System Volume Information\_restore{FA827651-C2B1-473A-9909-5D87ABC2D91B}\RP97\A0014814.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
G:\System Volume Information\_restore{FA827651-C2B1-473A-9909-5D87ABC2D91B}\RP97\A0014814.exe NSIS: infected - 1 skipped

Scan process completed.

 

Ja hjt-loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:56, on 1.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PF2\AVAST\aswUpdSv.exe
D:\PF2\AVAST\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\PF2\AVAST\ashDisp.exe
D:\PF2\ctusbms.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\oodag.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
D:\PF2\AVAST\ashMaiSv.exe
D:\PF2\AVAST\ashWebSv.exe
D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\explorer.exe
D:\PF2\Firefox\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files 3\adobe reader 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] D:\PF2\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [CreativeMS2020] D:\PF2\ctusbms.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PF2\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PF2\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PF2\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PF2\AVAST\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\PF2\VITUN KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5960 bytes

 

jep
suurin osa niistä on järjestelmä palautuksessa

poista kansiot/tiedostot:
G:\asennus paketteja\Cdvd.exe
G:\asennus paketteja\Mikkoxor\bsplayer212.941_music.exe

Tyhjennä roskakori

Putsaa järjestelmän palautus:
1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
2. Valitse Properties/ominaisuudet
3. Valitse System Restore/järjestelmän palauttaminen välilehti
4. Valitse "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Apply/käytä
6. Paina OK
7. Käynnistä kone uudelleen
8. Palauta asetukset takaisin


vielä ongelmia??

 

Tarkoitatko asetuksien palauttamisella, että painan omatietokone->ominaisuudet-järjästelmän palauttaminen ja sieltä otan pois "ruksin" kohdasta järjästelmän palauttaminen käytössä kaikissa asemissa ja OK?

 

Putsaa järjestelmän palautus:

1. Klikkaa oikealla oma tietokone-kuvaketta (hiiren oikealla napilla)
2. Valitse ominaisuudet (alin vaihtoehto)
3. Valitse järjestelmän palauttaminen välilehti
4. Valitse poista järjestelmän palauttaminen käytöstä (laita ruksi)
5. Paina käytä
6. Paina OK
7. Käynnistä kone uudelleen
8. Palauta asetukset takaisin(ota ruksi pois)

 

Joo tuota tarkoitin.

Kone sammui 5minuutissa äsken.Onko se normaali sammumis aika?

 

ei nyt ihan normia ole,jos se oli silloin ku putsasit järjestelmän palautus nii sit oli suht normia

 

Kokeilen sammuttamista 1h päästä.Nyt sammui nopeaa, mutta on ennenkin sammunut nopeaa, jos kone on ollut päällä vähemmän ku 10min.

Eli nyt koneella ei ainakaan pitäisi olla mitään haittaohjelmia?

Kiitos paljon avusta.

 

jep,puhas on
ole hyvä

 

Nyt meni sen tunnin päälläolon jälkee vajaa 4min toivotaan, että se pysyy tässä, eikä sammumis aika kasva samassasuhteessa päälläolo ajan kanssa.No pääasia, että kone on puhdas.

Kiitos vielä kerran

 

säädä kone nekon ohjeitten mukaisesti
http://neko.1g.fi/ohje/hidastelua.html
jos auttais

 

Joo olen oikeastaan kokeillut kaikkea mitä tuolla on neuvottu.
Eheytän C aseman uudestaan toivottavasti se auttaa.


C aseman eheytyksen jälkeen kone sammuu alle 3min muutaman tunnin päälläolon jälkeen.Ihan siedettävä aika minusta.