This started happening all of a sudden; before, there was nothing. Pop-ups appear almost constantly in Mozilla and Internet Explorer. Most of them go to some strange TurvaPC site, which practically forces you to install the program in question. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:11, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: BrowsingEnhancer - {5ABBD91B-0215-2FE1-7A7E-753F05B40CB8} - C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3398] command /c del "C:\WINDOWS\SchedLgU.Txt_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC460] cmd /c del "C:\WINDOWS\SchedLgU.Txt_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-- End of file - 10826 bytes
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to freeze.
ComboFix log:

ComboFix 08-06-10.5 - Minä 2008-06-12 21:42:29.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1367 [GMT 3:00]
Running from: C:\Documents and Settings\Minä\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\system32\WinNB57.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-02 22:45 . 2008-06-12 21:40 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-06-02 22:45 . 2008-06-02 22:45 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-06-02 22:45 . 2008-06-07 12:12 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-01 20:45 . 2008-06-01 22:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-01 20:38 . 2008-06-01 20:39 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-18 12:25 . 2008-03-21 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-18 12:25 . 2008-01-10 15:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-18 12:25 . 2008-04-01 00:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-05-18 12:25 . 2008-01-10 15:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-18 12:25 . 2008-03-21 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-18 12:25 . 2008-03-28 20:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-18 12:25 . 2007-07-10 19:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-15 21:31 . 2008-05-15 21:31 0 --a------ C:\WINDOWS\rasexit.INI
2008-05-15 21:31 . 2008-05-15 21:31 0 --a------ C:\WINDOWS\netscape.INI
2008-05-15 03:01 . 2008-05-29 15:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-12 20:38 . 2008-05-12 20:38 <DIR> d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 10:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-18 09:24 --------- d-----w C:\Program Files\ffdshow
2008-05-15 18:20 --------- d-----w C:\Program Files\EvilLyrics
2008-05-15 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 18:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-12 13:55 --------- d-----w C:\Program Files\LimeWire
2008-05-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-27 09:30 --------- d-----w C:\Program Files\Ganymede
2008-04-20 07:52 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-18 17:40 --------- d-----w C:\Program Files\Google
2008-04-18 12:54 --------- d-----w C:\Documents and Settings\Minõ\Application Data\Mozilla
2008-04-18 12:52 --------- d-----w C:\Program Files\mplayer
2008-04-14 14:02 --------- d-----w C:\Program Files\Nokia
2008-04-14 14:02 --------- d-----w C:\Program Files\Common Files\Nokia
2006-12-07 14:37 251 ----a-w C:\Program Files\wt3d.ini
.
((((((((((((((((((((((((((((( snapshot@2008-04-21_18.59.18.01 )))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dllcache\vbscript.dll + 2008-03-03 17:01:22 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll - 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-03-03 17:01:22 233,984 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2008-03-03 17:01:22 755,200 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll - 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-03-03 17:01:22 830,464 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys + 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys - 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys + 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys - 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys + 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys - 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys + 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys - 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys + 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys - 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys + 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys - 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-03-03 16:50:34 345,600 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dxtrans.dll + 2008-03-03 16:50:30 212,992 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2004-05-18 18:16:42 39,936 ----a-w C:\WINDOWS\system32\huffyuv.dll + 1997-04-07 17:19:00 391,680 ----a-w C:\WINDOWS\system32\I263_32.drv + 1998-11-18 13:33:16 144,384 ----a-w C:\WINDOWS\system32\Iacenc.dll - 
2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-03-03 16:50:40 60,928 ----a-w C:\WINDOWS\system32\icardie.dll - 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll + 2008-01-11 08:35:16 26,112 ----a-w C:\WINDOWS\system32\idndl.dll - 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe + 2008-03-03 16:51:52 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll + 2008-03-03 16:51:56 119,808 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll + 2008-03-03 16:52:04 224,768 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll + 2008-03-03 16:51:50 149,504 ----a-w C:\WINDOWS\system32\ieakui.dll - 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat + 2008-02-07 14:48:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat - 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-03-03 16:34:48 440,832 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll + 2008-03-03 16:52:02 349,184 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2007-08-13 16:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll + 2008-03-03 16:53:14 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll - 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-03-03 17:01:22 8,016,384 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-08-13 16:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-03-03 17:01:22 184,320 ----a-w C:\WINDOWS\system32\iepeers.dll - 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll + 2008-03-03 16:51:46 44,032 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-03-03 16:50:38 268,800 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-03-03 17:01:22 142,848 
------w C:\WINDOWS\system32\IESetting.dll - 2007-08-13 16:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll + 2008-03-03 16:51:48 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-03-03 16:51:46 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-08-13 16:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll + 2008-03-03 17:01:22 181,248 ----a-w C:\WINDOWS\system32\ieui.dll - 2007-08-13 16:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll + 2008-03-03 16:50:30 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll - 2007-08-13 16:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-03-03 16:51:46 94,208 ----a-w C:\WINDOWS\system32\inseng.dll - 2007-08-13 16:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll + 2008-03-03 16:51:38 557,056 ----a-w C:\WINDOWS\system32\jscript.dll - 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll + 2008-03-03 17:01:22 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2007-08-13 16:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll + 2008-03-03 16:52:54 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll - 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2008-01-19 08:03:48 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2008-05-03 10:31:01 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe - 2007-08-07 11:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll + 2008-03-14 20:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll + 2008-03-14 20:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll - 2007-08-07 11:36:32 
24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll + 2008-03-14 20:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll + 2008-03-14 20:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll - 2007-08-07 11:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll + 2008-03-14 20:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll - 2007-08-07 11:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll + 2008-03-14 20:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll - 2007-08-07 11:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll + 2008-03-14 20:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll - 2007-08-07 11:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe + 2008-03-14 20:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe + 2008-03-15 08:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll - 2007-08-07 11:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll + 2008-03-14 20:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll - 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe - 2004-08-10 20:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll + 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll - 2004-08-10 20:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-08-10 20:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-03-03 17:01:22 585,728 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-03-01 13:06:26 52,224 ----a-w 
C:\WINDOWS\system32\msfeedsbs.dll + 2008-03-03 17:01:22 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-08-13 16:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe + 2008-03-03 16:50:46 52,736 ----a-w C:\WINDOWS\system32\msfeedssync.exe - 2007-08-13 16:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe + 2008-03-03 16:50:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe - 2008-03-01 15:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-03-03 17:01:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\mshtmled.dll + 2008-03-03 17:01:22 68,608 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-08-13 16:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll + 2008-03-03 16:50:16 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll - 2004-08-10 20:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-08-10 20:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-08-10 20:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll + 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll - 2004-08-10 20:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-08-10 20:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2007-08-13 16:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll + 2008-03-03 17:01:22 156,160 ----a-w C:\WINDOWS\system32\msls31.dll - 2004-08-10 20:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-08-10 20:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2008-03-01 13:06:28 193,024 ------w 
C:\WINDOWS\system32\msrating.dll + 2008-03-03 16:52:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2004-08-10 20:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-08-10 20:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-08-10 20:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-08-10 20:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2008-03-03 17:01:22 629,248 ----a-w C:\WINDOWS\system32\mstime.dll - 2004-08-10 20:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-08-10 20:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll + 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll - 2004-08-10 20:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 2006-06-28 15:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll + 2008-01-11 08:35:16 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll - 2006-06-29 06:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll + 2008-01-11 08:35:16 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll - 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll + 2008-03-03 16:52:52 116,224 ----a-w C:\WINDOWS\system32\occache.dll - 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-03-03 16:50:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2008-04-20 14:21:16 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2008-05-14 18:13:30 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll - 
2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-03-03 16:52:54 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-03-03 17:01:22 1,188,352 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-08-13 16:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll + 2008-03-03 17:01:22 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll - 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-03-03 17:01:22 233,984 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-08-13 16:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe + 2008-03-03 16:53:08 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe - 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-03-03 17:01:22 830,464 ----a-w C:\WINDOWS\system32\wininet.dll - 2004-08-18 09:17:21 442,368 ----a-r C:\WINDOWS\system32\vp6vfw.dll + 2004-12-10 08:03:02 438,272 ----a-w C:\WINDOWS\system32\vp6vfw.dll + 2006-04-02 12:47:06 630,784 ----a-w C:\WINDOWS\system32\vp7vfw.dll + 2008-04-01 22:28:48 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll - 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll + 2008-01-11 08:35:38 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll - 2004-01-24 22:00:00 70,656 ----a-w C:\WINDOWS\system32\yv12vfw.dll + 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll - 2008-04-21 15:54:23 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_740.dat + 2008-06-12 18:45:40 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_740.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}] 2007-12-27 02:32 1019904 --a------ C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 23:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "LaunchApp"="Alaunch" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 01:19 7626752] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 01:19 86016] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 23:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 23:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 23:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 23:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 23:00 455168] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 23:00 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Program 
Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi] C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll 2005-04-17 15:36 90112 C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-11-28 15:52 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "MSACM.VOXACM118"= vdk32118.acm "MSACM.NSX83"= nsx83p32.acm "MSACM.NSPAC"= NSPAC32.ACM "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Program Files\\BitComet\\BitComet.exe"= "D:\\Windows.old\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program 
Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Soldat\\Soldat.exe"= "D:\\Pelit\\Kokoversiot\\Wolfenstein - Enemy Territory\\ET.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "D:\\Pelit\\Kokoversiot\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "D:\\Pelit\\Kokoversiot\\Worms Armageddon\\WA.exe"= "D:\\Pelit\\Kokoversiot\\Worms Armageddon\\Worms Armageddon.exe"= "D:\\Pelit\\Kokoversiot\\Battlefield 2\\BF2.exe"= "C:\\Program Files\\Steam\\steamapps\\miikka_k\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "D:\\Pelit\\Kokoversiot\\TA - Kingdoms\\KINGDOMS.icd"= "D:\\Pelit\\Kokoversiot\\FlatOut 2\\FlatOut2.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27370:TCP"= 27370:TCP:BitComet 27370 TCP "27370:UDP"= 27370:UDP:BitComet 27370 UDP R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-11-30 23:21] R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16] R2 Multiplicity;Stardock Multiplicity;C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE [2005-04-17 15:37] R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46] S2 OODefrag;O&O Defrag;C:\WINDOWS\system32\oodag.exe [2002-02-08 12:15] S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-12-12 12:37] S3 jgameenp;jgameenp;C:\DOCUME~1\MIN~1\LOCALS~1\Temp\jgameenp.sys [] S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-06-22 04:15] S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3707da-e130-11db-9138-001921053f47}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-29 12:45:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-27 15:02:02 C:\WINDOWS\Tasks\chkdsk.job" - C:\WINDOWS\system32\chkdsk.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-12 21:46:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe . ************************************************************************** . Completion time: 2008-06-12 21:51:25 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-12 18:51:20 ComboFix2.txt 2008-04-21 15:59:36 Pre-Run: 5,960,454,144 bytes free Post-Run: 6,036,377,600 bytes free 656 --- E O F --- 2008-05-29 12:03:01
Remove Mirar via Add/Remove Programs.

Open Notepad and copy/paste the contents of the quote box into it:

Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.

===============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
Um, Mirar wasn't in there.. ComboFix log:

ComboFix 08-06-10.5 - Minä 2008-06-13 18:42:34.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1384 [GMT 3:00] Running from: C:\Documents and Settings\Minä\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Minä\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\WinNB57.dll . ((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))) . 2008-06-02 22:45 . 2008-06-13 18:39 <DIR> d-------- C:\Program Files\FBrowsingAdvisor 2008-06-02 22:45 . 2008-06-02 22:45 <DIR> d-------- C:\Program Files\FBrowserAdvisor 2008-06-02 22:45 . 2008-06-07 12:12 <DIR> d-------- C:\Program Files\BrowsingEnhancer 2008-06-01 20:45 . 2008-06-01 22:04 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-06-01 20:38 . 2008-06-01 20:39 <DIR> d--h-c--- C:\WINDOWS\ie8 2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-05-18 12:25 . 2008-03-21 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-05-18 12:25 . 2008-01-10 15:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-05-18 12:25 . 2008-04-01 00:25 682,496 --a------ C:\WINDOWS\system32\divx.dll 2008-05-18 12:25 . 2008-01-10 15:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-05-18 12:25 . 2008-03-21 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-05-18 12:25 . 2008-03-28 20:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-05-18 12:25 . 2007-07-10 19:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-05-15 21:31 . 2008-05-15 21:31 0 --a------ C:\WINDOWS\rasexit.INI 2008-05-15 21:31 . 2008-05-15 21:31 0 --a------ C:\WINDOWS\netscape.INI 2008-05-15 03:01 . 2008-06-13 16:06 1,374 --a------ C:\WINDOWS\imsins.BAK . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-18 10:19 --------- d-----w C:\Program Files\VideoLAN 2008-05-18 09:24 --------- d-----w C:\Program Files\ffdshow 2008-05-15 18:20 --------- d-----w C:\Program Files\EvilLyrics 2008-05-15 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-14 18:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-12 17:38 --------- d-----w C:\Program Files\uTorrent 2008-05-12 13:55 --------- d-----w C:\Program Files\LimeWire 2008-05-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-27 09:30 --------- d-----w C:\Program Files\Ganymede 2008-04-20 07:52 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-04-20 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-18 17:40 --------- d-----w C:\Program Files\Google 2008-04-18 12:54 --------- d-----w C:\Documents and Settings\Minõ\Application Data\Mozilla 2008-04-18 12:52 --------- d-----w C:\Program Files\mplayer 2008-04-14 14:02 --------- d-----w C:\Program Files\Nokia 2008-04-14 14:02 --------- d-----w C:\Program Files\Common Files\Nokia 2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2006-12-07 14:37 251 ----a-w C:\Program Files\wt3d.ini . ((((((((((((((((((((((((((((( snapshot_2008-06-12_21.51.08.03 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll - 2008-06-12 18:45:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-13 15:45:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys - 2004-08-03 21:10:38 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys + 2008-04-14 11:01:02 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys - 2007-10-29 22:35:13 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 04:55:40 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll + 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll - 2006-12-10 11:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll - 2008-06-12 18:45:40 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_740.dat + 2008-06-13 15:45:20 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_740.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
2007-12-27 02:32 1019904 --a------ C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 23:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"LaunchApp"="Alaunch" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 01:19 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 01:19 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 23:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 23:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 23:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 23:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 23:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 23:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll 2005-04-17 15:36 90112 C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-11-28 15:52 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSPAC"= NSPAC32.ACM
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Windows.old\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Soldat\\Soldat.exe"=
"D:\\Pelit\\Kokoversiot\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Pelit\\Kokoversiot\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Pelit\\Kokoversiot\\Worms Armageddon\\WA.exe"=
"D:\\Pelit\\Kokoversiot\\Worms Armageddon\\Worms Armageddon.exe"=
"D:\\Pelit\\Kokoversiot\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Steam\\steamapps\\miikka_k\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Pelit\\Kokoversiot\\TA - Kingdoms\\KINGDOMS.icd"=
"D:\\Pelit\\Kokoversiot\\FlatOut 2\\FlatOut2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27370:TCP"= 27370:TCP:BitComet 27370 TCP
"27370:UDP"= 27370:UDP:BitComet 27370 UDP

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-11-30 23:21]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 Multiplicity;Stardock Multiplicity;C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE [2005-04-17 15:37]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
S2 OODefrag;O&O Defrag;C:\WINDOWS\system32\oodag.exe [2002-02-08 12:15]
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-12-12 12:37]
S3 jgameenp;jgameenp;C:\DOCUME~1\MIN~1\LOCALS~1\Temp\jgameenp.sys []
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-06-22 04:15]
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3707da-e130-11db-9138-001921053f47}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 12:45:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 15:02:02 C:\WINDOWS\Tasks\chkdsk.job"
- C:\WINDOWS\system32\chkdsk.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 18:47:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-06-13 18:51:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 15:51:25
ComboFix2.txt 2008-06-12 18:51:26
ComboFix3.txt 2008-04-21 15:59:36
Pre-Run: 5,927,669,760 bytes free
Post-Run: 5,919,981,568 bytes free
225 --- E O F --- 2008-06-13 13:07:14

Malwarebytes log:

Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 853
20:32:19 13.6.2008
mbam-log-6-13-2008 (20-32-19).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 370568
Kulunut aika: 1 hour(s), 2 minute(s), 49 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 3
Saastuneita tiedostoja: 8

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Unloaded module successfully.

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Delete on reboot.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Minä\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Delete on reboot.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Minä\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:22, on 13.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
O2 - BHO: BrowsingEnhancer - {5ABBD91B-0215-2FE1-7A7E-753F05B40CB8} - C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-- End of file - 10418 bytes
Scan with HJT, tick these entries and press Fix checked:

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

===========

Check that avast is working.
Well, it's been like this for some time now: I have to turn the resident protection on by hand because it doesn't start when the computer boots like it used to.. and it's a bit odd in other ways too. I should probably reinstall it...