Computer freezes, CPU usage at 100%

Discussion in 'Viruses and malware - HijackThis logs' started by mikrosiru, Nov 22, 2006.

  1. mikrosiru

    mikrosiru Member

    So, the computer locks up completely and every now and then complains about something related to the registry. What should I do? And by the way, how or where do I get the SP2 update?

    Logfile of HijackThis v1.99.1
    Scan saved at 0:19:55, on 23.11.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B0175ED-CDE6-4426-9CBC-5815EB465C0A} - C:\WINDOWS\System32\pmkhh.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
    O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
     
  2. mikrosiru

    mikrosiru Member

    And every so often it pops open a WinAntiVirus browser window when I'm online...
     
  3. Hujo

    Hujo Guest

    1. Download the combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
    file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


    Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any).
    Post the contents of this text file in your thread.

    Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "risk tool"; it is not a virus but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.

    Post:
    ComboFix log
    SmitfraudFix log
    HJT log
     
  4. -kemisti-

    -kemisti- Active member

    Run ComboFix exactly like this and Vundo will be removed at the same time:

    Start -> Run

    type

    "%userprofile%/työpöytä/combofix.exe" /v opnnkjk pmkhh (if you have English Windows, replace työpöytä -> desktop)

    and click OK

    When it's done, restart the computer.
     
    Last edited: Nov 22, 2006
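
The two module names passed to ComboFix above are the DLLs that the HijackThis log lists both as an unnamed BHO (O2) and as a Winlogon Notify entry (O20). The following is an added example, not part of the thread or of any tool mentioned in it, that performs this cross-check on a HijackThis log; the function names are hypothetical and the sample input is the relevant lines from the log posted above.

```python
import re
from ntpath import basename, dirname, normcase, splitext

# Sample input: O2 / O4 / O20 lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B0175ED-CDE6-4426-9CBC-5815EB465C0A} - C:\WINDOWS\System32\pmkhh.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <key name> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_hjt(log_text):
    """Return (bho_entries, winlogon_notify_entries) as lists of dicts."""
    bhos, notify = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            notify.append(m.groupdict())
    return bhos, notify


def cross_registered_dlls(log_text):
    """Find DLLs registered as both a BHO (O2) and a Winlogon Notify (O20).

    Paths are compared case-insensitively, because the same file shows up
    as ...\\System32\\... in one section and ...\\SYSTEM32\\... in another.
    """
    bhos, notify = parse_hjt(log_text)
    notify_by_path = {normcase(n["path"]): n for n in notify}

    hits = []
    for bho in bhos:
        key = normcase(bho["path"])
        match = notify_by_path.get(key)
        if match is None:
            continue
        hits.append({
            # File name without extension: the form used on the command line above.
            "module": splitext(basename(key))[0],
            "path": bho["path"],
            "clsid": bho["clsid"],
            "notify_key": match["name"],
            "unnamed_bho": bho["name"].strip().lower() == "(no name)",
            "in_system32": dirname(key).endswith("\\system32"),
        })
    return sorted(hits, key=lambda h: h["module"])


if __name__ == "__main__":
    for hit in cross_registered_dlls(SAMPLE_LOG):
        print(hit["module"], hit["clsid"], hit["path"])
```

An unnamed BHO on its own is not conclusive (VSAdd-in.dll is also listed as "(no name)" but has no O20 entry); the check only reports DLLs present in both sections.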
  5. mikrosiru

    mikrosiru Member

    ComboFix log

    Mikko - 06-11-23 11:45:32,31 Service Pack 2
    ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mikko\Ty”p”yt„"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


    2006-11-23 07:41 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-11-23 07:35 <KANSIO> d-------- C:\WINDOWS\Prefetch
    2006-11-23 03:29 <KANSIO> d-------- C:\WINDOWS\LastGood.Tmp
    2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\provisioning
    2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\peernet
    2006-11-23 03:07 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2006-11-23 02:53 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-11-23 02:44 <KANSIO> d-------- C:\WINDOWS\EHome
    2006-11-23 02:06 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2006-11-23 00:16 <KANSIO> d-------- C:\hijack
    2006-11-21 19:52 <KANSIO> d--h----- C:\WINDOWS\PIF
    2006-11-21 14:29 <KANSIO> d-------- C:\Program Files\Ahead
    2006-11-21 14:01 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
    2006-11-21 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-11-21 08:44 624,632 ---hs---- C:\WINDOWS\system32\hhkmp.ini2
    2006-11-20 16:36 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Real
    2006-11-19 23:21 1,432 --a------ C:\WINDOWS\system32\tmp.reg
    2006-11-19 23:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2006-11-19 23:07 <KANSIO> d-------- C:\Program Files\WinZip
    2006-11-19 21:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-19 21:17 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Microsoft Works
    2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-19 21:14 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio
    2006-11-19 21:13 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
    2006-11-19 21:12 <KANSIO> d-------- C:\Program Files\Microsoft Office
    2006-11-19 20:54 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-19 00:37 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SearchToolbarCorp
    2006-11-18 22:36 619,649 ---hs---- C:\WINDOWS\system32\hhkmp.bak2
    2006-11-18 22:36 110,612 --a------ C:\WINDOWS\system32\vdlgrndp.exe
    2006-11-18 22:36 <KANSIO> d-------- C:\Program Files\VSAdd-in
    2006-11-18 11:41 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-11-18 11:41 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-11-18 11:41 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2006-11-18 11:25 947,472 --a------ C:\WINDOWS\system32\msjava.dll
    2006-11-18 11:25 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
    2006-11-18 11:25 49,424 --a------ C:\WINDOWS\system32\clspack.exe
    2006-11-18 11:25 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-11-18 11:25 404,752 --a------ C:\WINDOWS\system32\javart.dll
    2006-11-18 11:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
    2006-11-18 11:25 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
    2006-11-18 11:25 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
    2006-11-18 11:25 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
    2006-11-18 11:25 172,304 --a------ C:\WINDOWS\system32\jview.exe
    2006-11-18 11:25 171,792 --a------ C:\WINDOWS\system32\wjview.exe
    2006-11-18 11:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
    2006-11-18 11:25 154,384 --a------ C:\WINDOWS\system32\msawt.dll
    2006-11-18 11:25 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
    2006-11-18 11:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2006-11-18 11:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-11-18 04:21 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Macromedia
    2006-11-18 01:10 <KANSIO> d-------- C:\Program Files\Adobe
    2006-11-18 00:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Adobe
    2006-11-18 00:44 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2006-11-18 00:29 <KANSIO> d-------- C:\Documents and Settings\Mikko\Contacts
    2006-11-18 00:27 <KANSIO> d-------- C:\WINDOWS\system32\DRVSTORE
    2006-11-18 00:27 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2006-11-18 00:19 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-18 00:18 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
    2006-11-18 00:01 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2006-11-17 22:41 <KANSIO> d---s---- C:\Documents and Settings\Mikko\UserData
    2006-11-17 22:36 110,612 --a------ C:\WINDOWS\system32\fmcixqks.exe
    2006-11-17 22:35 615,177 ---hs---- C:\WINDOWS\system32\hhkmp.bak1
    2006-11-17 22:19 <KANSIO> d-------- C:\mikko
    2006-11-17 22:13 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2006-11-17 22:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-11-17 22:11 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2006-11-17 22:11 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall
    2006-11-17 21:59 40,973 ---hs---- C:\WINDOWS\system32\opnnkjk.dll
    2006-11-17 21:48 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2006-11-17 21:48 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2006-11-17 21:48 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2006-11-17 21:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-11-17 21:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Mozilla
    2006-11-17 21:44 <KANSIO> d-------- C:\Program Files\Mozilla Firefox
    2006-11-17 21:41 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2006-11-17 21:41 <KANSIO> d-------- C:\mozilla
    2006-11-17 21:39 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-11-17 21:39 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-11-17 21:39 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-11-17 21:39 173,848 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-11-17 21:39 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-11-17 21:39 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-11-17 21:39 <KANSIO> d-------- C:\WINDOWS\SoftwareDistribution
    2006-11-17 21:35 692,276 ---hs---- C:\WINDOWS\system32\pmkhh.dll
    2006-11-17 21:18 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2006-11-17 21:18 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2006-11-17 21:17 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
    2006-11-17 21:14 <KANSIO> d-------- C:\Program Files\F-Secure
    2006-11-17 18:20 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
    2006-11-17 15:52 <KANSIO> d--hs---- C:\Recycled
    2006-11-17 15:46 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
    2006-11-17 02:37 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
    2006-11-17 02:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2006-11-17 02:28 75,264 --a------ C:\WINDOWS\system32\MACDec.dll
    2006-11-17 02:28 679,936 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-11-17 02:28 45,568 --a------ C:\WINDOWS\system32\huffyuv.dll
    2006-11-17 02:28 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
    2006-11-17 02:28 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2006-11-17 02:28 421,888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32.dll
    2006-11-17 02:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-11-17 02:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2006-11-17 02:28 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
    2006-11-17 02:28 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-11-17 02:28 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2006-11-17 02:28 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
    2006-11-17 02:28 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2006-11-17 02:28 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
    2006-11-17 02:28 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-11-17 02:28 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
    2006-11-17 02:28 1,824,768 --a------ C:\WINDOWS\system32\divx.dll
    2006-11-17 02:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-11-17 02:28 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-11-17 02:28 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
    2006-11-17 02:26 <KANSIO> d-------- C:\klm codec
    2006-11-17 02:18 <KANSIO> d--hs---- C:\WINDOWS\Installer
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\SendTo
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Recent
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data\.
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Suosikit
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Omat tiedostot
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\K„ynnist„-valikko
    2006-11-17 02:17 <KANSIO> d--h----- C:\Program Files\Uninstall Information
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Verkkoymp„rist”
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Tulostinymp„rist”
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Mallit
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Local Settings
    2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Cookies
    2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Application Data\Microsoft
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Ty”p”yt„
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Identities
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\..
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\..
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\.
    2006-11-17 02:15 <KANSIO> d--hs---- C:\System Volume Information
    2006-11-17 02:10 0 -rahs---- C:\MSDOS.SYS
    2006-11-17 02:10 0 -rahs---- C:\IO.SYS
    2006-11-17 02:10 0 --a------ C:\CONFIG.SYS
    2006-11-17 02:10 0 --a------ C:\AUTOEXEC.BAT
    2006-11-17 02:10 <KANSIO> d-------- C:\WINDOWS\system32\xircom
    2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\xerox
    2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\microsoft frontpage
    2006-11-17 02:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-11-17 02:08 <KANSIO> dr------- C:\WINDOWS\Offline Web Pages
    2006-11-17 02:08 <KANSIO> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-11-17 02:08 <KANSIO> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-11-17 02:07 <KANSIO> d-------- C:\WINDOWS\system32\DirectX
    2006-11-17 02:06 86,016 --a------ C:\WINDOWS\system32\isign32.dll
    2006-11-17 02:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-11-17 02:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-11-17 02:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-11-17 02:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-11-17 02:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-11-17 02:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-11-17 02:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-11-17 02:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-11-17 02:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-11-17 02:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-11-17 02:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-11-17 02:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-11-17 02:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-11-17 02:06 276,480 --a------ C:\WINDOWS\system32\mstask.dll
    2006-11-17 02:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-11-17 02:06 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-11-17 02:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-11-17 02:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-11-17 02:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-11-17 02:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-11-17 02:06 <KANSIO> d---s---- C:\WINDOWS\Tasks
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Restore
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\srchasst
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\PCHealth
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Outlook Express
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\NetMeeting
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Movie Maker
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Internet Explorer
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\System
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\Services
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
    2006-11-17 02:05 <KANSIO> d-------- C:\WINDOWS\Registration
    2006-11-17 02:05 <KANSIO> d-------- C:\Program Files\ComPlus Applications
    2006-11-17 02:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-11-17 02:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-11-17 02:04 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-11-17 02:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-11-17 02:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-11-17 02:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-11-17 02:04 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-11-17 02:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-11-17 02:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-11-17 02:04 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-11-17 02:04 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Windows Media Player
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Online Services
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Messenger
    2006-11-17 02:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-11-17 02:03 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-11-17 02:03 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-11-17 02:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-11-17 02:03 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-11-17 02:03 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-11-17 02:03 80,896 --a------ C:\WINDOWS\system32\charmap.exe
    2006-11-17 02:03 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-11-17 02:03 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-11-17 02:03 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-11-17 02:03 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-11-17 02:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-11-17 02:03 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-11-17 02:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-11-17 02:03 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-11-17 02:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-11-17 02:03 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-11-17 02:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-11-17 02:03 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-11-17 02:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-11-17 02:03 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-11-17 02:03 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-11-17 02:03 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-11-17 02:03 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-11-17 02:03 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-11-17 02:03 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-11-17 02:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-11-17 02:03 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-11-17 02:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-11-17 02:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-11-17 02:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-11-17 02:03 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-11-17 02:03 21,504 --a------ C:\WINDOWS\system32\msg.exe
    2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-11-17 02:03 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-11-17 02:03 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-11-17 02:03 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-11-17 02:03 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-11-17 02:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-11-17 02:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\tscon.exe
    2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-11-17 02:03 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-11-17 02:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-11-17 02:03 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-11-17 02:03 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-11-17 02:03 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-11-17 02:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-11-17 02:03 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-11-17 02:03 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-11-17 02:03 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-11-17 02:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-11-17 02:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-11-17 02:03 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-11-17 02:03 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-11-17 02:03 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-11-17 02:03 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-11-17 02:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-11-17 02:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
    2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\Com
    2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\Windows NT
    2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\MSN
    2006-11-17 01:58 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-11-17 01:58 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-11-17 01:58 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-11-17 01:58 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-11-17 01:58 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-11-17 01:58 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2006-11-17 01:58 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2006-11-17 01:58 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-11-17 01:58 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-11-17 01:58 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-11-17 01:57 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-11-17 01:57 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-11-17 01:57 33,599 --a------ C:\WINDOWS\system32\drivers\wATV04nt.sys
    2006-11-17 01:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-11-17 01:57 29,311 --a------ C:\WINDOWS\system32\drivers\wATV01nt.sys
    2006-11-17 01:57 23,615 --a------ C:\WINDOWS\system32\drivers\wCh7xxNT.sys
    2006-11-17 01:57 19,551 --a------ C:\WINDOWS\system32\drivers\wATV02NT.sys
    2006-11-17 01:57 19,455 --a------ C:\WINDOWS\system32\drivers\wVchNTxx.sys
    2006-11-17 01:57 12,415 --a------ C:\WINDOWS\system32\drivers\wADV01nt.sys
    2006-11-17 01:57 12,127 --a------ C:\WINDOWS\system32\drivers\wADV02NT.sys
    2006-11-17 01:57 12,063 --a------ C:\WINDOWS\system32\drivers\wSiINTxx.sys
    2006-11-17 01:57 11,775 --a------ C:\WINDOWS\system32\drivers\wADV05NT.sys
    2006-11-17 01:56 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
    2006-11-17 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-11-17 01:56 702,845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
    2006-11-17 01:56 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-11-17 01:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-11-17 01:56 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
    2006-11-17 01:56 161,020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
    2006-11-17 01:56 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-11-17 01:56 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-11-17 01:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-11-17 01:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-11-17 01:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-11-17 01:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-11-17 01:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-11-17 01:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-11-17 01:54 74,240 --a------ C:\WINDOWS\system32\storprop.dll
    2006-11-17 01:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-11-17 01:54 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-11-17 01:54 69,632 --a------ C:\WINDOWS\notepad.exe
    2006-11-17 01:54 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-11-17 01:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-11-17 01:54 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-11-17 01:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-11-17 01:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-11-17 01:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-11-17 01:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-11-17 01:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-11-17 01:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-11-17 01:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-11-17 01:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-11-17 01:54 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-11-17 01:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\Common Files\..
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\.
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\.
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\..
    2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
    2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\K„ynnist„-valikko
    2006-11-17 01:53 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
    2006-11-17 01:53 <KANSIO> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Ty”p”yt„
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\..
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\.
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings
    2006-11-17 01:46 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\WinSxS
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\twain_32
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Temp
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\usmt
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\oobe
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\npp
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\mui
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\IME
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\icsxml
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\ias
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\export
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3076
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\2052
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1054
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1042
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1041
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1037
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1035
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1033
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1031
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1028
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1025
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\security
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Resources
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\mui
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\msapps
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\ime
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Driver Cache
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Debug
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Connection Wizard
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\AppPatch
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\addins
    2006-11-17 01:45 <KANSIO> dr--s---- C:\WINDOWS\Fonts
    2006-11-17 01:45 <KANSIO> dr------- C:\WINDOWS\Web
    2006-11-17 01:45 <KANSIO> d--h----- C:\WINDOWS\inf
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wins
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wbem
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\spool
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\Setup
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ras
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\dhcp
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\config
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\repair
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\msagent
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Media
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\java
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Help
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Cursors
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Config
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{9A36CEDC-2619-43F0-8108-50A321AD3057}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnkjk
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-23 11:49:31.68
    C:\ComboFix.txt ... 06-11-23 11:49
     
  6. mikrosiru

    mikrosiru Member

    smitfraudfix log


    SmitFraudFix v2.122

    Scan done at 11:53:28,23, to 23.11.2006
    Run from D:\smitfreudfix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKO\SUOSIKIT


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  7. mikrosiru

    mikrosiru Member

    HjT log



    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:32, on 23.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
    O2 - BHO: (no name) - {DA14646E-4460-4874-9068-138C4BC3AD6C} - C:\WINDOWS\System32\pmkhh.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
    O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
     
  8. Hujo

    Hujo Guest

    From Add/Remove Programs, remove

    VSToolBar


    Download VundoFix.exe
    http://www.atribune.org/ccount/click.php?id=4 to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • When the scan is complete, click the Remove Vundo button.
    • You will be asked whether you want to remove the files - click YES.
    • After you click yes, your desktop will go blank as it starts removing Vundo.
    • When it is done, the fix will say it is going to restart your computer; click OK.
    • Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.


    SmitFraudFix v2.122 is an old version; delete it and get the new one

     
  9. mikrosiru

    mikrosiru Member

    HjT log


    Logfile of HijackThis v1.99.1
    Scan saved at 16:24, on 06-11-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)
    O2 - BHO: (no name) - {9A36CEDC-2619-43F0-8108-50A321AD3057} - C:\WINDOWS\System32\opnnkjk.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: opnnkjk - C:\WINDOWS\SYSTEM32\opnnkjk.dll
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


    vundofix log


    VundoFix V6.2.11

    Checking Java version...

    Sun Java not detected
    Scan started at 16:18:56 06-11-23

    Listing files found while scanning....

    C:\WINDOWS\System32\hhkmp.ini
    C:\WINDOWS\System32\hhkmp.bak1
    C:\WINDOWS\System32\hhkmp.bak2
    C:\WINDOWS\System32\hhkmp.ini2
    C:\WINDOWS\System32\hhkmp.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\pmkhh.dll
    C:\WINDOWS\System32\pmkhh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\hhkmp.ini
    C:\WINDOWS\System32\hhkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\hhkmp.bak1
    C:\WINDOWS\System32\hhkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\hhkmp.bak2
    C:\WINDOWS\System32\hhkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\hhkmp.ini2
    C:\WINDOWS\System32\hhkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\hhkmp.tmp
    C:\WINDOWS\System32\hhkmp.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

     
  10. mikrosiru

    mikrosiru Member

    here's the smitfraudfix log as well


    SmitFraudFix v2.123

    Scan done at 18:48:39.53, 06-11-23
    Run from D:\smitfreudfix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKO\SUOSIKIT


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  11. Hujo

    Hujo Guest

    Scan with HJT, tick this and press Fix checked

    O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)


    Run Vundo again. Post the report.
    Run ComboFix again. Post the report.
    A new HJT log

    Smitfraudfix ok
     
    Last edited by a moderator: Nov 23, 2006
  12. mikrosiru

    mikrosiru Member

    vundo log




    VundoFix V6.2.11

    Checking Java version...

    Sun Java not detected
    Scan started at 19:08:52 06-11-23

    Listing files found while scanning....

    C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\awtsq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.bak1
    C:\WINDOWS\system32\qstwa.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!






    combofix log


    Mikko - 06-11-23 19:15:46.51 Service Pack 2
    ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Mikko\Ty”p”yt„"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


    2006-11-23 16:25 <KANSIO> d-------- C:\logit
    2006-11-23 16:18 <KANSIO> d-------- C:\VundoFix Backups
    2006-11-23 12:29 38,420 --a------ C:\WINDOWS\system32\bprltfat.dll
    2006-11-23 12:24 <KANSIO> d-------- C:\WINDOWS\pss
    2006-11-23 07:41 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-11-23 07:35 <KANSIO> d-------- C:\WINDOWS\Prefetch
    2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\provisioning
    2006-11-23 03:15 <KANSIO> d-------- C:\WINDOWS\peernet
    2006-11-23 03:07 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2006-11-23 02:53 <KANSIO> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-11-23 02:44 <KANSIO> d-------- C:\WINDOWS\EHome
    2006-11-23 02:06 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2006-11-23 00:16 <KANSIO> d-------- C:\hijack
    2006-11-21 19:52 <KANSIO> d--h----- C:\WINDOWS\PIF
    2006-11-21 14:29 <KANSIO> d-------- C:\Program Files\Ahead
    2006-11-21 14:01 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
    2006-11-21 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-11-20 16:36 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Real
    2006-11-19 23:21 1,432 --a------ C:\WINDOWS\system32\tmp.reg
    2006-11-19 23:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2006-11-19 23:07 <KANSIO> d-------- C:\Program Files\WinZip
    2006-11-19 21:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-19 21:17 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Microsoft Works
    2006-11-19 21:15 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-19 21:14 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio
    2006-11-19 21:13 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
    2006-11-19 21:12 <KANSIO> d-------- C:\Program Files\Microsoft Office
    2006-11-19 20:54 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-19 00:37 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\SearchToolbarCorp
    2006-11-18 22:36 110,612 --a------ C:\WINDOWS\system32\vdlgrndp.exe
    2006-11-18 22:36 <KANSIO> d-------- C:\Program Files\VSAdd-in
    2006-11-18 11:41 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-11-18 11:41 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-11-18 11:41 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2006-11-18 11:25 947,472 --a------ C:\WINDOWS\system32\msjava.dll
    2006-11-18 11:25 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
    2006-11-18 11:25 49,424 --a------ C:\WINDOWS\system32\clspack.exe
    2006-11-18 11:25 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-11-18 11:25 404,752 --a------ C:\WINDOWS\system32\javart.dll
    2006-11-18 11:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
    2006-11-18 11:25 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
    2006-11-18 11:25 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
    2006-11-18 11:25 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
    2006-11-18 11:25 172,304 --a------ C:\WINDOWS\system32\jview.exe
    2006-11-18 11:25 171,792 --a------ C:\WINDOWS\system32\wjview.exe
    2006-11-18 11:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
    2006-11-18 11:25 154,384 --a------ C:\WINDOWS\system32\msawt.dll
    2006-11-18 11:25 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
    2006-11-18 11:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-11-18 11:25 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2006-11-18 11:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-11-18 04:21 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Macromedia
    2006-11-18 01:10 <KANSIO> d-------- C:\Program Files\Adobe
    2006-11-18 00:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Adobe
    2006-11-18 00:44 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2006-11-18 00:29 <KANSIO> d-------- C:\Documents and Settings\Mikko\Contacts
    2006-11-18 00:27 <KANSIO> d-------- C:\WINDOWS\system32\DRVSTORE
    2006-11-18 00:27 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2006-11-18 00:19 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-18 00:18 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
    2006-11-18 00:01 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2006-11-17 22:41 <KANSIO> d---s---- C:\Documents and Settings\Mikko\UserData
    2006-11-17 22:36 110,612 --a------ C:\WINDOWS\system32\fmcixqks.exe
    2006-11-17 22:19 <KANSIO> d-------- C:\mikko
    2006-11-17 22:13 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2006-11-17 22:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-11-17 22:11 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2006-11-17 22:11 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall
    2006-11-17 21:59 40,973 ---hs---- C:\WINDOWS\system32\opnnkjk.dll
    2006-11-17 21:48 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2006-11-17 21:48 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2006-11-17 21:48 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2006-11-17 21:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-11-17 21:45 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Mozilla
    2006-11-17 21:44 <KANSIO> d-------- C:\Program Files\Mozilla Firefox
    2006-11-17 21:41 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2006-11-17 21:41 <KANSIO> d-------- C:\mozilla
    2006-11-17 21:39 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-11-17 21:39 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-11-17 21:39 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-11-17 21:39 173,848 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-11-17 21:39 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-11-17 21:39 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-11-17 21:39 <KANSIO> d-------- C:\WINDOWS\SoftwareDistribution
    2006-11-17 21:18 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2006-11-17 21:18 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2006-11-17 21:17 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
    2006-11-17 21:14 <KANSIO> d-------- C:\Program Files\F-Secure
    2006-11-17 18:20 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
    2006-11-17 15:52 <KANSIO> d--hs---- C:\Recycled
    2006-11-17 15:46 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
    2006-11-17 02:37 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
    2006-11-17 02:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2006-11-17 02:28 75,264 --a------ C:\WINDOWS\system32\MACDec.dll
    2006-11-17 02:28 679,936 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-11-17 02:28 45,568 --a------ C:\WINDOWS\system32\huffyuv.dll
    2006-11-17 02:28 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
    2006-11-17 02:28 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2006-11-17 02:28 421,888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2006-11-17 02:28 413,760 --a------ C:\WINDOWS\system32\DivXc32.dll
    2006-11-17 02:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-11-17 02:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2006-11-17 02:28 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
    2006-11-17 02:28 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-11-17 02:28 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2006-11-17 02:28 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
    2006-11-17 02:28 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2006-11-17 02:28 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
    2006-11-17 02:28 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-11-17 02:28 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
    2006-11-17 02:28 1,824,768 --a------ C:\WINDOWS\system32\divx.dll
    2006-11-17 02:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-11-17 02:28 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-11-17 02:28 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
    2006-11-17 02:26 <KANSIO> d-------- C:\klm codec
    2006-11-17 02:18 <KANSIO> d--hs---- C:\WINDOWS\Installer
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\SendTo
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Recent
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data\.
    2006-11-17 02:17 <KANSIO> dr-h----- C:\Documents and Settings\Mikko\Application Data
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Suosikit
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Omat tiedostot
    2006-11-17 02:17 <KANSIO> dr------- C:\Documents and Settings\Mikko\Käynnistä-valikko
    2006-11-17 02:17 <KANSIO> d--h----- C:\Program Files\Uninstall Information
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Verkkoympäristö
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Tulostinympäristö
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Mallit
    2006-11-17 02:17 <KANSIO> d--h----- C:\Documents and Settings\Mikko\Local Settings
    2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Cookies
    2006-11-17 02:17 <KANSIO> d---s---- C:\Documents and Settings\Mikko\Application Data\Microsoft
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Työpöytä
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Identities
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\..
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\..
    2006-11-17 02:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\.
    2006-11-17 02:15 <KANSIO> d--hs---- C:\System Volume Information
    2006-11-17 02:10 0 -rahs---- C:\MSDOS.SYS
    2006-11-17 02:10 0 -rahs---- C:\IO.SYS
    2006-11-17 02:10 0 --a------ C:\CONFIG.SYS
    2006-11-17 02:10 0 --a------ C:\AUTOEXEC.BAT
    2006-11-17 02:10 <KANSIO> d-------- C:\WINDOWS\system32\xircom
    2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\xerox
    2006-11-17 02:10 <KANSIO> d-------- C:\Program Files\microsoft frontpage
    2006-11-17 02:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-11-17 02:08 <KANSIO> dr------- C:\WINDOWS\Offline Web Pages
    2006-11-17 02:08 <KANSIO> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-11-17 02:08 <KANSIO> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-11-17 02:07 <KANSIO> d-------- C:\WINDOWS\system32\DirectX
    2006-11-17 02:06 86,016 --a------ C:\WINDOWS\system32\isign32.dll
    2006-11-17 02:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-11-17 02:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-11-17 02:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-11-17 02:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-11-17 02:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-11-17 02:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-11-17 02:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-11-17 02:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-11-17 02:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-11-17 02:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-11-17 02:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-11-17 02:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-11-17 02:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-11-17 02:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-11-17 02:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-11-17 02:06 276,480 --a------ C:\WINDOWS\system32\mstask.dll
    2006-11-17 02:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-11-17 02:06 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-11-17 02:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-11-17 02:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-11-17 02:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-11-17 02:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-11-17 02:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-11-17 02:06 <KANSIO> d---s---- C:\WINDOWS\Tasks
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Restore
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\srchasst
    2006-11-17 02:06 <KANSIO> d-------- C:\WINDOWS\PCHealth
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Outlook Express
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\NetMeeting
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Movie Maker
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Internet Explorer
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\System
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\Services
    2006-11-17 02:06 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
    2006-11-17 02:05 <KANSIO> d-------- C:\WINDOWS\Registration
    2006-11-17 02:05 <KANSIO> d-------- C:\Program Files\ComPlus Applications
    2006-11-17 02:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-11-17 02:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-11-17 02:04 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-11-17 02:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-11-17 02:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-11-17 02:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-11-17 02:04 186,368 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-11-17 02:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-11-17 02:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-11-17 02:04 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-11-17 02:04 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Windows Media Player
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Online Services
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
    2006-11-17 02:04 <KANSIO> d-------- C:\Program Files\Messenger
    2006-11-17 02:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-11-17 02:03 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-11-17 02:03 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-11-17 02:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-11-17 02:03 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-11-17 02:03 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-11-17 02:03 80,896 --a------ C:\WINDOWS\system32\charmap.exe
    2006-11-17 02:03 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-11-17 02:03 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-11-17 02:03 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-11-17 02:03 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-11-17 02:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-11-17 02:03 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-11-17 02:03 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-11-17 02:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-11-17 02:03 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-11-17 02:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-11-17 02:03 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-11-17 02:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-11-17 02:03 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-11-17 02:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-11-17 02:03 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-11-17 02:03 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-11-17 02:03 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-11-17 02:03 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-11-17 02:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-11-17 02:03 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-11-17 02:03 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-11-17 02:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-11-17 02:03 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-11-17 02:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-11-17 02:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-11-17 02:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-11-17 02:03 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-11-17 02:03 21,504 --a------ C:\WINDOWS\system32\msg.exe
    2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-11-17 02:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-11-17 02:03 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-11-17 02:03 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-11-17 02:03 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-11-17 02:03 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-11-17 02:03 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-11-17 02:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-11-17 02:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-11-17 02:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\tscon.exe
    2006-11-17 02:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-11-17 02:03 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-11-17 02:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-11-17 02:03 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-11-17 02:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-11-17 02:03 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-11-17 02:03 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-11-17 02:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-11-17 02:03 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-11-17 02:03 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-11-17 02:03 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-11-17 02:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-11-17 02:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-11-17 02:03 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-11-17 02:03 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-11-17 02:03 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-11-17 02:03 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-11-17 02:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-11-17 02:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
    2006-11-17 02:03 <KANSIO> d-------- C:\WINDOWS\system32\Com
    2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\Windows NT
    2006-11-17 02:03 <KANSIO> d-------- C:\Program Files\MSN
    2006-11-17 01:58 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-11-17 01:58 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-11-17 01:58 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-11-17 01:58 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-11-17 01:58 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-11-17 01:58 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2006-11-17 01:58 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2006-11-17 01:58 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-11-17 01:58 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-11-17 01:58 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-11-17 01:57 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-11-17 01:57 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-11-17 01:57 33,599 --a------ C:\WINDOWS\system32\drivers\wATV04nt.sys
    2006-11-17 01:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-11-17 01:57 29,311 --a------ C:\WINDOWS\system32\drivers\wATV01nt.sys
    2006-11-17 01:57 23,615 --a------ C:\WINDOWS\system32\drivers\wCh7xxNT.sys
    2006-11-17 01:57 19,551 --a------ C:\WINDOWS\system32\drivers\wATV02NT.sys
    2006-11-17 01:57 19,455 --a------ C:\WINDOWS\system32\drivers\wVchNTxx.sys
    2006-11-17 01:57 12,415 --a------ C:\WINDOWS\system32\drivers\wADV01nt.sys
    2006-11-17 01:57 12,127 --a------ C:\WINDOWS\system32\drivers\wADV02NT.sys
    2006-11-17 01:57 12,063 --a------ C:\WINDOWS\system32\drivers\wSiINTxx.sys
    2006-11-17 01:57 11,775 --a------ C:\WINDOWS\system32\drivers\wADV05NT.sys
    2006-11-17 01:56 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
    2006-11-17 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-11-17 01:56 702,845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
    2006-11-17 01:56 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-11-17 01:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-11-17 01:56 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
    2006-11-17 01:56 161,020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
    2006-11-17 01:56 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-11-17 01:56 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-11-17 01:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-11-17 01:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-11-17 01:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-11-17 01:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-11-17 01:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-11-17 01:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-11-17 01:54 74,240 --a------ C:\WINDOWS\system32\storprop.dll
    2006-11-17 01:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-11-17 01:54 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-11-17 01:54 69,632 --a------ C:\WINDOWS\notepad.exe
    2006-11-17 01:54 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-11-17 01:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-11-17 01:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-11-17 01:54 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-11-17 01:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-11-17 01:54 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-11-17 01:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-11-17 01:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-11-17 01:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-11-17 01:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-11-17 01:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-11-17 01:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-11-17 01:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-11-17 01:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-11-17 01:54 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-11-17 01:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\Common Files\..
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files\.
    2006-11-17 01:54 <KANSIO> dr------- C:\Program Files
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files\.
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\Common Files
    2006-11-17 01:54 <KANSIO> d-------- C:\Program Files\..
    2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-11-17 01:53 <KANSIO> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
    2006-11-17 01:53 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
    2006-11-17 01:53 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
    2006-11-17 01:53 <KANSIO> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2006-11-17 01:53 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Työpöytä
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
    2006-11-17 01:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\..
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings\All Users\.
    2006-11-17 01:52 <KANSIO> d-------- C:\Documents and Settings
    2006-11-17 01:46 <KANSIO> dr-hs---- C:\WINDOWS\system32\dllcache
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\WinSxS
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\twain_32
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Temp
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\usmt
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\oobe
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\npp
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\mui
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\IME
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\icsxml
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\ias
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\export
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\3076
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\2052
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1054
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1042
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1041
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1037
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1035
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1033
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1031
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1028
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\system32\1025
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\security
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Resources
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\mui
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\msapps
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\ime
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Driver Cache
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Debug
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\Connection Wizard
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\AppPatch
    2006-11-17 01:46 <KANSIO> d-------- C:\WINDOWS\addins
    2006-11-17 01:45 <KANSIO> dr--s---- C:\WINDOWS\Fonts
    2006-11-17 01:45 <KANSIO> dr------- C:\WINDOWS\Web
    2006-11-17 01:45 <KANSIO> d--h----- C:\WINDOWS\inf
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wins
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\wbem
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\spool
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\Setup
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\ras
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\drivers
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\dhcp
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\config
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system32
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\system
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\repair
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\msagent
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Media
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\java
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Help
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Cursors
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\Config
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\..
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS\.
    2006-11-17 01:45 <KANSIO> d-------- C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\WinZip Quick Pick.lnk"
    "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
    "item"="WinZip Quick Pick"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061123-190502-379
    O2 - BHO: (no name) - {0DCC0102-3D42-4E7F-BF94-05CD0C9DF0F5} - C:\WINDOWS\System32\pmkhh.dll (file missing)
    Completion time: 06-11-23 19:18:16.54
    C:\ComboFix.txt ... 06-11-23 19:18










    HjT log



    Logfile of HijackThis v1.99.1
    Scan saved at 19:20:22, on 23.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {50DD71F9-1282-4934-8996-193079D5ED0E} - C:\WINDOWS\system32\awtsq.dll (file missing)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe









     
  13. Hujo

    Hujo Guest

    Last edited by a moderator: Nov 23, 2006
  14. mikrosiru

    mikrosiru Member


    [11/23/2006, 19:56:58] - VirtumundoBeGone v1.5 ( "C:\virtumundobegone\VirtumundoBeGone.exe" )
    [11/23/2006, 19:57:08] - Detected System Information:
    [11/23/2006, 19:57:08] - Windows Version: 5.1.2600, Service Pack 2
    [11/23/2006, 19:57:09] - Current Username: Mikko (Admin)
    [11/23/2006, 19:57:09] - Windows is in NORMAL mode.
    [11/23/2006, 19:57:09] - Searching for Browser Helper Objects:
    [11/23/2006, 19:57:09] - BHO 1: {013A653B-49A6-4f76-8B68-E4875EA6BA54} ()
    [11/23/2006, 19:57:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2006, 19:57:10] - Checking for HKLM\...\Winlogon\Notify\bprltfat
    [11/23/2006, 19:57:10] - Key not found: HKLM\...\Winlogon\Notify\bprltfat, continuing.
    [11/23/2006, 19:57:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [11/23/2006, 19:57:10] - BHO 3: {50DD71F9-1282-4934-8996-193079D5ED0E} ()
    [11/23/2006, 19:57:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/23/2006, 19:57:11] - Checking for HKLM\...\Winlogon\Notify\awtsq
    [11/23/2006, 19:57:11] - Key not found: HKLM\...\Winlogon\Notify\awtsq, continuing.
    [11/23/2006, 19:57:11] - Finished Searching Browser Helper Objects
    [11/23/2006, 19:57:12] - Finishing up...
    [11/23/2006, 19:57:12] - Nothing found! Exiting...
     
  15. Hujo

    Hujo Guest

    Scan and fix

    O2 - BHO: (no name) - {50DD71F9-1282-4934-8996-193079D5ED0E} - C:\WINDOWS\system32\awtsq.dll (file missing)
     
  16. mikrosiru

    mikrosiru Member

    with which program?
     
  17. mikrosiru

    mikrosiru Member

    Logfile of HijackThis v1.99.1
    Scan saved at 20:08:50, on 23.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\explorer.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
     
  18. mikrosiru

    mikrosiru Member

    should it be completely in shape now?
     
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Fix this one:

    O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll

    Delete if found:

    C:\WINDOWS\system32\bprltfat.dll

    Restart and post a new HjT log.
     
  20. mikrosiru

    mikrosiru Member

    Logfile of HijackThis v1.99.1
    Scan saved at 20:19:25, on 25.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijack\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
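
Added example, not part of the thread and not code from HijackThis or VirtumundoBeGone: the triage applied to the O2 lines in this thread, scripted. It flags BHOs with no name or a missing file, derives the Winlogon Notify key that the VirtumundoBeGone log checks for each DLL, and confirms against the follow-up log that the flagged CLSIDs are gone. Function names are illustrative, and the flags are review heuristics, not a malware verdict.

```python
import ntpath
import re

# O2 lines copied from the HijackThis logs posted in this thread:
# the 23.11.2006 19:20 scan (before the fixes) and the 25.11.2006 scan (after).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\bprltfat.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50DD71F9-1282-4934-8996-193079D5ED0E} - C:\WINDOWS\system32\awtsq.dll (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

O2_RE = re.compile(
    r"^\s*O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?\s*$"
)

def parse_bhos(log):
    """Return {upper-cased CLSID: entry} for every O2 line in a HijackThis log."""
    entries = {}
    for line in log.splitlines():
        m = O2_RE.match(line)
        if m:
            entries[m["clsid"].upper()] = {
                "name": m["name"], "path": m["path"], "missing": bool(m["missing"]),
            }
    return entries

def triage(entry):
    """Reasons an O2 entry deserves manual review (empty list = nothing flagged)."""
    reasons = []
    if entry["name"] == "(no name)":
        reasons.append("no default name")
    if entry["missing"]:
        reasons.append("file missing (orphaned registry entry)")
    return reasons

def notify_key(path):
    """Winlogon Notify key named after the DLL, elided as in the log above."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return "HKLM\\...\\Winlogon\\Notify\\" + stem

def review(before, after):
    """Map each flagged CLSID in `before` to (reasons, still_present_in_after)."""
    old, new = parse_bhos(before), parse_bhos(after)
    return {c: (triage(e), c in new) for c, e in old.items() if triage(e)}

if __name__ == "__main__":
    for clsid, (reasons, present) in review(LOG_BEFORE, LOG_AFTER).items():
        print(clsid, reasons, "STILL PRESENT" if present else "gone")
```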

     