Logfile of HijackThis v1.99.1 Scan saved at 0:43:33, on 4.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless 
Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\RocketDock\RocketDock.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\hjt\SCANNER.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wings2.net/index.php?page=servers R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - 
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: 
[igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Käyttäjä\Omat tiedostot\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://*.mu-online.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161857316578 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. 
- C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Check your computer with F-Secure's online scanner
Note: the scanner works only in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows
  o Under "Virus Scan Option", select Scan whole system
  o Under "Other Scan Option", select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
==========
An excellent guide to speeding up your computer http://neko.1g.fi/ohje/hidastelua.html
==========
If you do not have this Java version (6.2): old Java easily gets your computer infected!
Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... ) They should have the following picture next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp or http://www.filehippo.com/download_java_runtime/ Scroll down to Java Runtime Environment (JRE) 6u2. Press Download. Tick Accept, choose offline installation, save it e.g. to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider higher.)
8. Make sure that both options are checked:
   * Applications and Applets
   * Trace and Log Files
   and press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
==========
Download Deckard's System Scanner to your desktop.
Note: You must have Administrator rights to run the program.
* Close all open windows and programs.
* Double-click the Dss.exe file to run the program, and follow the instructions.
* When the scan is complete, 2 text files should open, Main.txt and extra.txt
* Press copy (CTRL+A -> CTRL+C) and paste (CTRL+V)
* Copy and paste the contents of Extra.txt & Main.txt into your next reply. Also the F-Secure report.
It just occurred to me that that dss was apparently infected on my machine or something, but my computer's own F-Secure detected it as a virus/worm, and it did that sending of photo.zip viruses over the MSN protocol, so I removed it from the computer...
Ok.. Download WinPFind3 http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe to your desktop and double-click the exe to extract it. A folder named WinPFind3u will be created on your desktop.
* Open the WinPFind3u folder and double-click WinPFind3U.exe to start the program.
  o Under Files Created Within, click 30 days
  o Under Files Modified Within, click 30 days
  o Under File String Search, click Non-Microsoft
* Now click the Run Scan button on the toolbar.
* When the scan is finished, the report opens in Notepad.
* Click Format and make sure Word Wrap is not selected. If it is, deselect it.
Post the log in your next reply. You may need several replies for it so that it does not end up incomplete.
You can use that to replace the other program.. that one is a false positive, after all, so just send feedback to F-Secure..
And doesn't the F-Secure on this machine do the same thing as that one? It has rootkit and spyware checking; I always choose: Run a full scan of the computer.
Winpfind3u: WinPFind3 logfile created on: 6.8.2007 17:27:25 WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Käyttäjä\Omat tiedostot\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) 503,36 Mb Total Physical Memory | 151,34 Mb Available Physical Memory | 30,07% Memory free 1,20 Gb Paging File | 0,81 Gb Available in Paging File | 67,15% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 36,36 Gb Total Space | 11,84 Gb Free Space | 32,55% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: LIUKKONEN Current User Name: Käyttäjä Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.59 2.1.59 08/24/2005 16:24:34 | Size = 88203 bytes | Modified Date = 30.1.2006 4:00:04 | Attr = ] asghost.exe -> %ProgramFiles%\HPQ\IAM\Bin\asghost.exe -> Cognizance Corporation [Ver = 1.5.0.035 | Size = 43008 bytes | Modified Date = 29.6.2005 22:06:54 | Attr = ] bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1093632 bytes | Modified Date = 19.1.2006 11:50:44 | Attr = ] dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.07a | Size = 122940 bytes | Modified Date = 31.8.2005 5:20:00 | Attr = ] fameh32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 270387 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] fch32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FCH32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 65585 bytes | Modified Date = 26.10.2005 4:52:00 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 
1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 1.8.2007 12:06:16 | Attr = ] fsav32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 6.10.11370 | Size = 180224 bytes | Modified Date = 12.9.2005 20:43:28 | Attr = ] fsaw.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.197 | Size = 86064 bytes | Modified Date = 22.8.2005 15:16:52 | Attr = ] fsbwsys.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\backweb\4119343\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.90.881 | Size = 278581 bytes | Modified Date = 12.4.2007 20:16:28 | Attr = ] fsdfwd.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.91.210 | Size = 204863 bytes | Modified Date = 18.11.2005 18:03:56 | Attr = ] fsgk32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 290304 bytes | Modified Date = 30.5.2007 12:46:40 | Attr = ] fsgk32st.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe -> F-Secure Corporation [Ver = 1.00.11280 | Size = 36947 bytes | Modified Date = 13.7.2005 17:43:48 | Attr = ] fsguidll.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 350, 0 | Size = 233537 bytes | Modified Date = 18.10.2005 11:36:26 | Attr = ] fsm32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 122929 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] fsma32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 61490 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] fsmb32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 180274 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] fspex.exe -> %ProgramFiles%\Elisa 
Tietoturvapalvelu\backweb\4119343\Program\fspex.exe -> BackWeb Technologies Inc. [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 12.4.2007 20:16:24 | Attr = ] fsqh.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe -> F-Secure Corporation [Ver = 6.00.11240 | Size = 32826 bytes | Modified Date = 13.6.2005 19:19:34 | Attr = ] fsrw.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.222 | Size = 159804 bytes | Modified Date = 3.10.2005 16:10:44 | Attr = ] fssm32.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.10.12200 | Size = 248320 bytes | Modified Date = 30.5.2007 12:46:40 | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15.6.2007 3:49:22 | Attr = ] hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 23.3.2006 15:13:40 | Attr = ] hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 5, 1 | Size = 454656 bytes | Modified Date = 14.2.2006 10:49:22 | Attr = ] hpqtoa~1.exe -> %ProgramFiles%\HPQ\Shared\HpqToaster.exe -> [Ver = 1, 0, 0, 7 | Size = 491606 bytes | Modified Date = 23.12.2005 13:44:26 | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 2.5.2006 15:41:28 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. 
[Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 11.5.2005 23:12:54 | Attr = ] igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 23.3.2006 15:17:50 | Attr = ] igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 163840 bytes | Modified Date = 23.3.2006 15:13:30 | Attr = ] igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 23.3.2006 15:17:04 | Attr = ] ispnews.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 31.5.2005 15:45:06 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12.7.2007 4:00:36 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 18.12.2005 18:26:54 | Attr = ] pthosttr.exe -> %ProgramFiles%\HPQ\HP ProtectTools Security Manager\pthosttr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 3 | Size = 122880 bytes | Modified Date = 14.2.2006 11:56:08 | Attr = ] rocketdock.exe -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 630784 bytes | Modified Date = 19.3.2007 0:05:02 | Attr = ] servic~1.exe -> %ProgramFiles%\Elisa Tietoturvapalvelu\backweb\4119343\Program\ServiceWrapper-4119343.exe -> BackWeb Technologies Inc. [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 12.4.2007 20:16:24 | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 20.5.2005 11:11:06 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. 
[Ver = 8.2.16.4 03Mar06 | Size = 761948 bytes | Modified Date = 3.3.2006 19:46:48 | Attr = ] winpfind3u.exe -> %UserDocuments%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23.6.2007 15:15:54 | Attr = ] wltray.exe -> %System32%\WLTRAY.EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1236992 bytes | Modified Date = 19.1.2006 11:50:50 | Attr = ] wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 19.1.2006 11:50:50 | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.3 | Size = 2913840 bytes | Modified Date = 4.5.2007 22:39:42 | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.3 | Size = 2913840 bytes | Modified Date = 4.5.2007 22:39:42 | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.3 | Size = 2913840 bytes | Modified Date = 4.5.2007 22:39:42 | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.3 | Size = 2913840 bytes | Modified Date = 4.5.2007 22:39:42 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 28.5.2007 23:07:22 | Attr = ] (BackWeb Plug-in - 4119343) Elisa Tietoturvapalvelu [Win32_Own | Auto | Running] -> %ProgramFiles%\Elisa Tietoturvapalvelu\backweb\4119343\Program\ServiceWrapper-4119343.exe -> BackWeb Technologies Inc. 
[Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 12.4.2007 20:16:24 | Attr = ] (dmadmin) Loogisen levyn hallinnan valvontapalvelu [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 15.9.2004 15:00:00 | Attr = ] (F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe -> F-Secure Corporation [Ver = 1.00.11280 | Size = 36947 bytes | Modified Date = 13.7.2005 17:43:48 | Attr = ] (FSBWSYS) FSBWSYS [Win32_Own | Auto | Running] -> %ProgramFiles%\Elisa Tietoturvapalvelu\backweb\4119343\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.90.881 | Size = 278581 bytes | Modified Date = 12.4.2007 20:16:28 | Attr = ] (FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 5.91.210 | Size = 204863 bytes | Modified Date = 18.11.2005 18:03:56 | Attr = ] (FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 61490 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 21.4.2007 22:14:22 | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. 
[Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 2.5.2006 15:41:28 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4.4.2005 0:41:10 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 18.12.2005 18:26:54 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29.9.2004 12:14:36 | Attr = ] (Service_Desktop) Desktop [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Free-Soft\Virtual Desktop\Desktop.exe -> File not found (wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.59 2.1.59 08/24/2005 16:24:34 | Size = 88203 bytes | Modified Date = 30.1.2006 4:00:04 | Attr = ] Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1236992 bytes | Modified Date = 19.1.2006 11:50:50 | Attr = ] CognizanceTS -> %ProgramFiles%\HPQ\IAM\Bin\AsTsVcc.dll [rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule] -> Cognizance Corporation [Ver = 1.0.0.008 | Size = 17920 bytes | Modified Date = 22.12.2003 21:12:00 | Attr = ] Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 172094 bytes | Modified Date = 26.1.2006 14:35:10 | Attr = ] DLA -> 
%System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.07a | Size = 122940 bytes | Modified Date = 31.8.2005 5:20:00 | Attr = ] F-Secure Manager -> %ProgramFiles%\Elisa Tietoturvapalvelu\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.05.8452 | Size = 122929 bytes | Modified Date = 26.10.2005 4:51:58 | Attr = ] F-Secure Startup Wizard -> %ProgramFiles%\Elisa Tietoturvapalvelu\FSGUI\fssw.exe -> F-Secure Corporation [Ver = 1, 0, 37, 1 | Size = 372736 bytes | Modified Date = 18.10.2005 11:29:10 | Attr = ] F-Secure TNB -> %ProgramFiles%\Elisa Tietoturvapalvelu\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.09.5050 | Size = 700416 bytes | Modified Date = 18.7.2005 17:51:18 | Attr = ] HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 11.5.2005 23:12:54 | Attr = ] hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 5, 1 | Size = 454656 bytes | Modified Date = 14.2.2006 10:49:22 | Attr = ] igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 23.3.2006 15:13:40 | Attr = ] igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 23.3.2006 15:17:50 | Attr = ] igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 23.3.2006 15:17:04 | Attr = ] News Service -> %ProgramFiles%\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe -> F-Secure Corporation [Ver = 1, 0, 0, 14 | Size = 356352 bytes | Modified Date = 31.5.2005 15:45:06 | Attr = ] PTHOSTTR -> %ProgramFiles%\HPQ\HP ProtectTools Security Manager\pthosttr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 3 | Size = 122880 bytes | Modified Date = 14.2.2006 11:56:08 | Attr = ] QuickTime Task -> %UserDocuments%\QuickTime\QTTask.exe -> Apple Inc. 
[Ver = 7.2 | Size = 286720 bytes | Modified Date = 29.6.2007 6:24:52 | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 6.5.2005 14:06:12 | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 20.5.2005 11:11:06 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12.7.2007 4:00:36 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.16.4 03Mar06 | Size = 761948 bytes | Modified Date = 3.3.2006 19:46:48 | Attr = ] WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 8 | Size = 184320 bytes | Modified Date = 8.11.2005 11:59:20 | Attr = ] < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 630784 bytes | Modified Date = 19.3.2007 0:05:02 | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15.6.2007 3:49:22 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys -> %AllUsersStartup%\Elisa Tietoturvapalvelu.lnk -> %ProgramFiles%\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe -> BackWeb Technologies Inc. [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 12.4.2007 20:16:24 | Attr = ] < User Startup > -> C:\Documents and Settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys -> %UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. 
[Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16.3.2005 19:16:50 | Attr = ] %UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.3 | Size = 2913840 bytes | Modified Date = 4.5.2007 22:39:42 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 23.3.2006 15:12:42 | Attr = ] OneCard -> %ProgramFiles%\HPQ\IAM\Bin\AsWlnPkg.dll -> Cognizance Corporation [Ver = 1.5.0.037 | Size = 40960 bytes | Modified Date = 25.7.2005 21:41:50 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogOff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EditLevel -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoFind -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoControlPanel -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoClose -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\StartMenuLogOff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideClock -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Windows Update\ -> -> < HOSTS File > (665 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.google.com/ie -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.google.com/ie -> HKLM: SearchAssistant -> http://www.google.com/ie -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Bar -> http://www.google.com/ie -> HKCU: Search Page -> http://www.google.com -> HKCU: Start Page -> http://wings2.net/index.php?page=servers -> HKCU: Search\\Default_Search_URL -> http://www.google.com/ie -> HKCU: SearchAssistant -> http://www.google.com/ie -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> mu-online.com [http] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 23.9.2005 20:12:08 | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.07a | Size = 110652 bytes | Modified Date = 31.8.2005 5:20:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12.7.2007 4:00:36 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 19.1.2007 23:56:02 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 15.6.2007 3:49:20 | Attr = ] {DF21F1DB-80C6-11D3-9483-B03D0EC10000} [HKLM] -> %ProgramFiles%\HPQ\IAM\Bin\ItIeAddIN.dll [HP Credential Manager for ProtectTools] -> Infineon Technologies AG [Ver = 1.01.069 | Size = 50688 bytes | Modified Date = 3.3.2005 5:35:00 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 19.1.2007 23:56:02 | Attr = R ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 19.1.2007 23:56:02 | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 19.1.2007 23:56:02 | Attr = R ] WebBrowser\\{B9D1647F-A66A-4695-B249-07901A45FF59} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12.7.2007 4:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12.7.2007 4:00:36 | Attr = ] {300DB664-75B5-47c0-8B45-A44ACCF73C00} -> Reg Data - Value does not exist [ButtonText: IE-suojaus] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Estä tämä kohoikkuna -> %ProgramFiles%\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm -> [Ver = | Size = 380 bytes | Modified Date = 18.11.2004 15:51:56 | Attr = ] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0661173D-1330-4611-A0DA-8E0EF356792D} -> (Broadcom 802.11b/g WLAN) -> {7FA89AB6-6C4B-4B5B-AB65-76407D0DEC7F} -> (1394-verkkosovitin) -> {8E86851C-CC1C-4526-A1D8-78068D15816F} -> (Broadcom 440x 10/100 Integrated Controller) -> {CF0B94BC-F6DC-47B1-A599-7B98FB3CCBF4} -> () -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> - CodeBase = http://support.f-secure.com/ols/fscax.cab -> {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll -> {33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161857316578 -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> [Files/Folders - Created Within 30 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 10.7.2007 19:51:48 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 10.7.2007 19:51:48 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 17.7.2007 11:48:38 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 28.7.2007 17:05:48 | Attr = ] HeavensGlow-v2.lev -> %SystemDrive%\HeavensGlow-v2.lev -> [Ver = | Size = 2780447 bytes | Created Date = 25.7.2007 1:19:39 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527880192 bytes | Created Date = 2.1.1601 22:00:00 | Attr = HS] img2-001.raw -> %SystemDrive%\img2-001.raw -> [Ver = | Size = 230424 bytes | Created Date = 13.7.2007 13:15:26 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 28.7.2007 16:59:35 | Attr = ] Recovery -> %SystemDrive%\Recovery -> [Folder | Created Date = 24.7.2007 0:05:46 | Attr = ] WUTemp -> %SystemDrive%\WUTemp -> [Folder | Created Date = 24.7.2007 0:03:19 | Attr = ] bcm2AB.tmp -> %SystemRoot%\bcm2AB.tmp -> Broadcom 
Corporation [Ver = 4.10.47.0 | Size = 667648 bytes | Created Date = 21.7.2007 23:40:23 | Attr = ] bcm2AC.tmp -> %SystemRoot%\bcm2AC.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 122880 bytes | Created Date = 21.7.2007 23:39:59 | Attr = ] bcm2AD.tmp -> %SystemRoot%\bcm2AD.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 176128 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] bcm2D.tmp -> %SystemRoot%\bcm2D.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 667648 bytes | Created Date = 21.7.2007 23:40:23 | Attr = ] bcm2E.tmp -> %SystemRoot%\bcm2E.tmp -> [Ver = | Size = 86016 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] bcm2F.tmp -> %SystemRoot%\bcm2F.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 122880 bytes | Created Date = 21.7.2007 23:39:59 | Attr = ] bcm30.tmp -> %SystemRoot%\bcm30.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 176128 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] bcm31.tmp -> %SystemRoot%\bcm31.tmp -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 2985984 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] bcm32.tmp -> %SystemRoot%\bcm32.tmp -> BCGSoft Ltd [Ver = 7, 31, 0, 0 | Size = 2129920 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] biwlanappxpver.dll -> %SystemRoot%\biwlanappxpver.dll -> hp [Ver = 5, 0, 0, 1 | Size = 32768 bytes | Created Date = 21.7.2007 23:40:41 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 17.7.2007 11:49:59 | Attr = ] iPlayer.INI -> %SystemRoot%\iPlayer.INI -> [Ver = | Size = 0 bytes | Created Date = 2.8.2007 19:12:09 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 6.8.2007 14:27:09 | Attr = ] mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Created Date = 1.8.2007 4:02:49 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 8.7.2007 17:39:06 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 
21.7.2007 1:42:44 | Attr = R ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 10.7.2007 19:58:14 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4.8.2007 19:01:32 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4.8.2007 19:01:32 | Attr = H ] SETDE.tmp -> %SystemRoot%\SETDE.tmp -> [Ver = | Size = 1014139 bytes | Created Date = 10.7.2007 19:42:58 | Attr = R ] SETE1.tmp -> %SystemRoot%\SETE1.tmp -> [Ver = | Size = 1086058 bytes | Created Date = 10.7.2007 19:43:00 | Attr = R ] SETED.tmp -> %SystemRoot%\SETED.tmp -> [Ver = | Size = 14043 bytes | Created Date = 10.7.2007 19:43:02 | Attr = R ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 10.7.2007 19:29:30 | Attr = ] setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 3311 bytes | Created Date = 9.7.2007 16:03:54 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 14.7.2007 2:54:35 | Attr = ] WFTPSRV.INI -> %SystemRoot%\WFTPSRV.INI -> [Ver = | Size = 121 bytes | Created Date = 27.7.2007 17:59:45 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 10.7.2007 19:50:22 | Attr = RH ] Mozilla Firefox.job -> %SystemRoot%\tasks\Mozilla Firefox.job -> [Ver = | Size = 324 bytes | Created Date = 22.7.2007 2:13:42 | Attr = ] Scheduled scanning task.job -> %SystemRoot%\tasks\Scheduled scanning task.job -> [Ver = | Size = 568 bytes | Created Date = 10.7.2007 20:57:49 | Attr = ] Tarkista kansio virusten varalta.job -> %SystemRoot%\tasks\Tarkista kansio virusten varalta.job -> [Ver = | Size = 330 bytes | Created Date = 27.7.2007 20:48:40 | Attr = ] bcm1xsup(2).dll -> %System32%\bcm1xsup(2).dll -> [Ver = | Size = 757760 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] bcm1xsup.dll -> %System32%\bcm1xsup.dll -> [Ver = | Size = 757760 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] 
BCMLogon.dll -> %System32%\BCMLogon.dll -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 667648 bytes | Created Date = 21.7.2007 23:40:23 | Attr = ] BCMWLCPL.CPL -> %System32%\BCMWLCPL.CPL -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 2985984 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] bcmwlpkt(2).dll -> %System32%\bcmwlpkt(2).dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 69632 bytes | Created Date = 21.7.2007 23:39:59 | Attr = ] bcmwlpkt.dll -> %System32%\bcmwlpkt.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 69632 bytes | Created Date = 21.7.2007 23:39:59 | Attr = ] BCMWLTRY(2).EXE -> %System32%\BCMWLTRY(2).EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1093632 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] BCMWLTRY.EXE -> %System32%\BCMWLTRY.EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1093632 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] bcmwlu00.exe -> %System32%\bcmwlu00.exe -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 176128 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 21.7.2007 1:41:49 | Attr = ] cmmgr32.GID -> %System32%\cmmgr32.GID -> [Ver = | Size = 8628 bytes | Created Date = 21.7.2007 2:14:31 | Attr = H ] eppgpl8k.dll -> %System32%\eppgpl8k.dll -> Hewlett-Packard [Ver = 1.27 | Size = 471040 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] eppgplus.dll -> %System32%\eppgplus.dll -> Hewlett-Packard [Ver = 1.27 | Size = 471040 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] epppflex.dll -> %System32%\epppflex.dll -> Hewlett-Packard [Ver = 1.26 | Size = 163840 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] gpa.dll -> %System32%\gpa.dll -> Hewlett-Packard [Ver = 1.39 | Size = 69632 bytes | Created Date = 22.7.2007 15:50:21 | Attr = ] gparm.dll -> %System32%\gparm.dll -> Hewlett-Packard [Ver = 1.44 | Size = 57344 bytes | Created Date = 22.7.2007 15:50:21 | Attr = ] gpatools.dll -> %System32%\gpatools.dll -> 
Hewlett-Packard [Ver = 1.60 | Size = 139264 bytes | Created Date = 22.7.2007 15:50:21 | Attr = ] hp-common-msg.dll -> %System32%\hp-common-msg.dll -> Hewlett-Packard [Ver = 1.60 | Size = 12288 bytes | Created Date = 22.7.2007 15:50:21 | Attr = ] HPZc3212.dll -> %System32%\HPZc3212.dll -> Hewlett-Packard Co. [Ver = 9, 0, 0, 0 | Size = 274432 bytes | Created Date = 22.7.2007 11:40:05 | Attr = R ] HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 22.7.2007 11:59:04 | Attr = ] igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 143360 bytes | Created Date = 11.7.2007 18:04:05 | Attr = ] ImagX7.dll -> %System32%\ImagX7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 7.7.2007 23:09:09 | Attr = ] ImagXpr7.dll -> %System32%\ImagXpr7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 7.7.2007 23:09:10 | Attr = ] ImagXR7.dll -> %System32%\ImagXR7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 7.7.2007 23:09:10 | Attr = ] ImagXRA7.dll -> %System32%\ImagXRA7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 7.7.2007 23:09:10 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 29.7.2007 3:21:19 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 29.7.2007 3:21:19 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 29.7.2007 3:21:19 | Attr = ] lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 120832 bytes | Created Date = 4.8.2007 2:20:18 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 10.7.2007 19:50:30 | Attr = RH ] msgeppg1.dll -> %System32%\msgeppg1.dll -> Hewlett-Packard [Ver = 1.27 | Size = 36864 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 10.7.2007 19:50:22 | Attr = RH ] NCTAudioFile.dll -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 491520 bytes | Created Date = 4.8.2007 2:20:18 | Attr = ] NCTAudioInformation2.dll -> %System32%\NCTAudioInformation2.dll -> NCT Company Ltd. [Ver = 2, 1, 2, 0 | Size = 573440 bytes | Created Date = 4.8.2007 2:20:18 | Attr = ] NCTWMAFile.dll -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 143872 bytes | Created Date = 4.8.2007 2:20:18 | Attr = ] NCTWMAFile2.dll -> %System32%\NCTWMAFile2.dll -> NCT Company Ltd. [Ver = 2, 1, 3, 0 | Size = 286720 bytes | Created Date = 4.8.2007 2:20:19 | Attr = ] NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 7.7.2007 23:09:03 | Attr = ] picn20.dll -> %System32%\picn20.dll -> Pegasus Imaging Corp. 
[Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 7.7.2007 23:09:08 | Attr = ] preflib.dll -> %System32%\preflib.dll -> [Ver = | Size = 86016 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 10.7.2007 19:50:22 | Attr = RH ] scagpl8k.dll -> %System32%\scagpl8k.dll -> Hewlett-Packard [Ver = 1.27 | Size = 65536 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] scagplus.dll -> %System32%\scagplus.dll -> Hewlett-Packard [Ver = 1.27 | Size = 65536 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] scapflex.dll -> %System32%\scapflex.dll -> Hewlett-Packard [Ver = 1.26 | Size = 94208 bytes | Created Date = 22.7.2007 15:50:22 | Attr = ] spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 10.7.2007 19:43:17 | Attr = ] std201mt.dll -> %System32%\std201mt.dll -> [Ver = | Size = 24576 bytes | Created Date = 22.7.2007 15:50:21 | Attr = ] TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 7.7.2007 23:09:15 | Attr = ] TwnLib4.dll -> %System32%\TwnLib4.dll -> Pegasus Imaging Corp. 
[Ver = 4.0.14.0 | Size = 364544 bytes | Created Date = 7.7.2007 23:09:10 | Attr = ] WLBCGCBPRO731.DLL -> %System32%\WLBCGCBPRO731.DLL -> BCGSoft Ltd [Ver = 7, 31, 0, 0 | Size = 2129920 bytes | Created Date = 21.7.2007 23:39:54 | Attr = ] WLTRAY(2).EXE -> %System32%\WLTRAY(2).EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1236992 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] WLTRAY.EXE -> %System32%\WLTRAY.EXE -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 1236992 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] wltrynt(2).dll -> %System32%\wltrynt(2).dll -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 44032 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] wltrynt.dll -> %System32%\wltrynt.dll -> Broadcom Corporation [Ver = 4.10.47.0 | Size = 44032 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] WLTRYSVC(2).EXE -> %System32%\WLTRYSVC(2).EXE -> [Ver = | Size = 18944 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] WLTRYSVC.EXE -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Created Date = 21.7.2007 23:39:55 | Attr = ] wpa.bak -> %System32%\wpa.bak -> [Ver = | Size = 1374 bytes | Created Date = 11.7.2007 18:03:34 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 10.7.2007 19:50:22 | Attr = RH ] admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. 
[Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 13.7.2007 22:33:57 | Attr = ] big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 10.7.2007 19:52:46 | Attr = ] bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 10.7.2007 19:52:46 | Attr = ] cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 10.7.2007 19:52:56 | Attr = ] chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 10.7.2007 19:53:02 | Attr = ] c_10001.nls -> %System32%\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 10.7.2007 19:52:47 | Attr = ] c_10002.nls -> %System32%\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 10.7.2007 19:52:47 | Attr = ] c_10003.nls -> %System32%\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 10.7.2007 19:52:47 | Attr = ] c_10004.nls -> %System32%\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:47 | Attr = ] c_10005.nls -> %System32%\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:47 | Attr = ] c_10008.nls -> %System32%\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 10.7.2007 19:52:48 | Attr = ] c_10021.nls -> %System32%\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:48 | Attr = ] c_1047.nls -> %System32%\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:48 | Attr = ] c_1140.nls -> %System32%\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:48 | Attr = ] c_1141.nls -> %System32%\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:48 | Attr = ] c_1142.nls -> %System32%\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 
| Attr = ] c_1143.nls -> %System32%\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1144.nls -> %System32%\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1145.nls -> %System32%\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1146.nls -> %System32%\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1147.nls -> %System32%\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1148.nls -> %System32%\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1149.nls -> %System32%\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:49 | Attr = ] c_1361.nls -> %System32%\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20000.nls -> %System32%\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20001.nls -> %System32%\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20002.nls -> %System32%\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20003.nls -> %System32%\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20004.nls -> %System32%\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 10.7.2007 19:52:50 | Attr = ] c_20005.nls -> %System32%\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20105.nls -> %System32%\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20106.nls -> %System32%\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = 
] c_20107.nls -> %System32%\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20108.nls -> %System32%\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20269.nls -> %System32%\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20273.nls -> %System32%\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20277.nls -> %System32%\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20278.nls -> %System32%\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20280.nls -> %System32%\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:51 | Attr = ] c_20284.nls -> %System32%\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20285.nls -> %System32%\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20290.nls -> %System32%\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20297.nls -> %System32%\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20420.nls -> %System32%\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20423.nls -> %System32%\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20424.nls -> %System32%\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20833.nls -> %System32%\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20838.nls -> %System32%\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = 
] c_20871.nls -> %System32%\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:52 | Attr = ] c_20880.nls -> %System32%\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_20924.nls -> %System32%\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_20932.nls -> %System32%\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_20936.nls -> %System32%\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_20949.nls -> %System32%\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_21025.nls -> %System32%\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_21027.nls -> %System32%\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_28596.nls -> %System32%\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:53 | Attr = ] c_708.nls -> %System32%\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:54 | Attr = ] c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 10.7.2007 19:52:54 | Attr = ] c_858.nls -> %System32%\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 10.7.2007 19:52:54 | Attr = ] c_862.nls -> %System32%\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 10.7.2007 19:52:55 | Attr = ] c_864.nls -> %System32%\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 10.7.2007 19:52:55 | Attr = ] c_870.nls -> %System32%\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 10.7.2007 19:52:55 | Attr = ] esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. 
[Ver = 1.00 | Size = 31744 bytes | Created Date = 10.7.2007 19:53:22 | Attr = ] esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 10.7.2007 19:53:22 | Attr = ] esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 10.7.2007 19:53:22 | Attr = ] FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 30983 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 10.7.2007 19:53:26 | Attr = ] hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 10.7.2007 19:53:33 | Attr = ] HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13497 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 10.7.2007 19:53:40 | Attr = ] IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8599 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 10.7.2007 19:53:54 | Attr = ] imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 10.7.2007 19:53:57 | Attr = ] IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 14043 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 10.7.2007 19:53:58 | Attr = ] korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 10.7.2007 19:54:10 | Attr = ] ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 10.7.2007 19:54:11 | Attr = ] MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399670 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] MSMSGS.CAT -> 
%System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37509 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 1895804 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809684 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 523682 bytes | Created Date = 10.7.2007 19:43:06 | Attr = ] NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7407 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 10.7.2007 19:54:44 | Attr = ] prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 10.7.2007 19:54:46 | Attr = ] prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 10.7.2007 19:54:46 | Attr = ] rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 10.7.2007 19:54:55 | Attr = ] rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 10.7.2007 19:54:55 | Attr = ] rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 10.7.2007 19:54:56 | Attr = ] SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1014139 bytes | Created Date = 10.7.2007 19:43:07 | Attr = ] spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. 
[Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 10.7.2007 19:43:17 | Attr = ] startoc.cat -> %System32%\dllcache\startoc.cat -> [Ver = | Size = 168806 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 10.7.2007 19:43:08 | Attr = ] xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 10.7.2007 19:55:41 | Attr = ] admjoy.sys -> %System32%\drivers\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 13.7.2007 22:33:57 | Attr = ] BCMWLNPF.SYS -> %System32%\drivers\BCMWLNPF.SYS -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 33664 bytes | Created Date = 21.7.2007 23:39:59 | Attr = ] hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.1.0 | Size = 26056 bytes | Created Date = 11.7.2007 21:31:09 | Attr = ] HPZid412.sys -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Created Date = 22.7.2007 11:43:25 | Attr = R ] HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 22.7.2007 11:43:29 | Attr = R ] HPZius12.sys -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Created Date = 22.7.2007 11:40:03 | Attr = R ] [Files/Folders - Modified Within 30 days] asennus -> %SystemDrive%\asennus -> [Folder | Modified Date = 12.7.2007 3:53:48 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 10.7.2007 20:51:50 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 210 bytes | Modified Date = 6.8.2007 0:10:56 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6.8.2007 16:37:02 | Attr = H ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 10.7.2007 20:51:50 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 17.7.2007 12:48:40 | Attr = 
] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 24.7.2007 1:19:06 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 28.7.2007 18:20:20 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527880192 bytes | Modified Date = 6.8.2007 15:25:24 | Attr = HS] hjt -> %SystemDrive%\hjt -> [Folder | Modified Date = 4.8.2007 0:43:20 | Attr = ] img2-001.raw -> %SystemDrive%\img2-001.raw -> [Ver = | Size = 230424 bytes | Modified Date = 30.7.2007 14:33:20 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 29.7.2007 2:38:28 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5.8.2007 23:49:16 | Attr = R ] Recovery -> %SystemDrive%\Recovery -> [Folder | Modified Date = 24.7.2007 1:05:48 | Attr = ] SwSetup -> %SystemDrive%\SwSetup -> [Folder | Modified Date = 29.7.2007 2:38:08 | Attr = ] System Recovery -> %SystemDrive%\System Recovery -> [Folder | Modified Date = 24.7.2007 1:05:54 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 10.7.2007 20:58:26 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6.8.2007 15:27:10 | Attr = ] WUTemp -> %SystemDrive%\WUTemp -> [Folder | Modified Date = 24.7.2007 1:03:38 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11.7.2007 21:46:20 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 10.7.2007 23:39:40 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 25.7.2007 1:17:04 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6.8.2007 15:25:26 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 24.7.2007 0:02:16 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 8.7.2007 1:37:36 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded 
Program Files -> [Folder | Modified Date = 18.7.2007 1:47:46 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 10.7.2007 23:31:50 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 17.7.2007 12:50:00 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 30.7.2007 20:11:00 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6.8.2007 0:41:04 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 10.7.2007 23:39:36 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6.8.2007 0:04:06 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6.8.2007 16:37:02 | Attr = HS] iPlayer.INI -> %SystemRoot%\iPlayer.INI -> [Ver = | Size = 0 bytes | Modified Date = 2.8.2007 20:12:10 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 6.8.2007 15:27:12 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 10.7.2007 23:39:34 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 27.7.2007 19:24:52 | Attr = ] mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Modified Date = 1.8.2007 5:02:50 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4068 bytes | Modified Date = 17.7.2007 3:18:38 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 10.7.2007 23:38:54 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 4.8.2007 12:24:30 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4381 bytes | Modified Date = 10.7.2007 20:51:32 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 21.7.2007 2:42:46 | Attr = R ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 10.7.2007 23:39:20 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5.8.2007 23:13:18 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | 
Modified Date = 4.8.2007 15:08:14 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 4.8.2007 20:01:34 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6.8.2007 15:33:00 | Attr = H ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 24.7.2007 1:04:12 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6.8.2007 0:26:42 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 18.7.2007 21:53:10 | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 10.7.2007 20:29:32 | Attr = ] setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 3311 bytes | Modified Date = 10.7.2007 18:26:32 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 14.7.2007 3:55:38 | Attr = ] SoftwareDistribution_0ld -> %SystemRoot%\SoftwareDistribution_0ld -> [Folder | Modified Date = 14.7.2007 3:54:02 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 10.7.2007 20:43:30 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6.8.2007 0:10:56 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 6.8.2007 0:12:16 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6.8.2007 15:25:28 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6.8.2007 17:25:32 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 28.7.2007 11:04:28 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 10.7.2007 20:50:34 | Attr = R ] WFTPSRV.INI -> %SystemRoot%\WFTPSRV.INI -> [Ver = | Size = 121 bytes | Modified Date = 27.7.2007 19:03:08 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 703 bytes | Modified Date = 6.8.2007 3:32:54 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 
10.7.2007 20:50:24 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 28.7.2007 11:04:20 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 17.7.2007 16:29:00 | Attr = ] Mozilla Firefox.job -> %SystemRoot%\tasks\Mozilla Firefox.job -> [Ver = | Size = 324 bytes | Modified Date = 22.7.2007 12:34:40 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6.8.2007 15:25:28 | Attr = H ] Scheduled scanning task.job -> %SystemRoot%\tasks\Scheduled scanning task.job -> [Ver = | Size = 568 bytes | Modified Date = 6.8.2007 3:01:06 | Attr = ] Tarkista kansio virusten varalta.job -> %SystemRoot%\tasks\Tarkista kansio virusten varalta.job -> [Ver = | Size = 330 bytes | Modified Date = 30.7.2007 21:50:08 | Attr = ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 26861 bytes | Modified Date = 10.7.2007 20:56:52 | Attr = ] 1033 -> %System32%\1033 -> [Folder | Modified Date = 10.7.2007 23:33:18 | Attr = ] 1035 -> %System32%\1035 -> [Folder | Modified Date = 10.7.2007 23:35:22 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 5.8.2007 20:43:46 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5.8.2007 20:43:40 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6.8.2007 15:26:20 | Attr = ] Catroot2_0ld -> %System32%\Catroot2_0ld -> [Folder | Modified Date = 21.7.2007 2:41:28 | Attr = ] cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 10.7.2007 20:50:24 | Attr = RH ] cmmgr32.GID -> %System32%\cmmgr32.GID -> [Ver = | Size = 8628 bytes | Modified Date = 21.7.2007 3:14:36 | Attr = H ] Com -> %System32%\Com -> [Folder | Modified Date = 10.7.2007 20:49:38 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 29.7.2007 2:39:16 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Modified Date = 24.7.2007 1:03:48 | 
Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 24.7.2007 1:09:44 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 6.8.2007 15:27:14 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 23460 bytes | Modified Date = 10.7.2007 20:49:36 | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 122928 bytes | Modified Date = 4.8.2007 23:17:38 | Attr = ] GDIPFONTCACHEV1.DAT -> %System32%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 21800 bytes | Modified Date = 4.8.2007 19:09:26 | Attr = ] ias -> %System32%\ias -> [Folder | Modified Date = 10.7.2007 20:51:08 | Attr = ] icsxml -> %System32%\icsxml -> [Folder | Modified Date = 10.7.2007 23:34:06 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 12.7.2007 1:22:00 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 12.7.2007 2:22:36 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 12.7.2007 1:22:04 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 12.7.2007 2:22:38 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 10.7.2007 20:50:32 | Attr = RH ] mlfcache.dat -> %System32%\mlfcache.dat -> [Ver = | Size = 15520 bytes | Modified Date = 13.7.2007 4:50:14 | Attr = H ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 10.7.2007 20:50:24 | Attr = RH ] npp -> %System32%\npp -> [Folder | Modified Date = 10.7.2007 23:39:04 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 5.8.2007 20:43:46 | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 21.7.2007 1:36:28 | Attr = ] nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 10.7.2007 20:50:24 | Attr = RH ] oeminfo.ini -> %System32%\oeminfo.ini -> [Ver = | Size = 27806 bytes | Modified Date = 10.7.2007 20:43:30 | Attr = ] oobe -> %System32%\oobe -> [Folder | Modified Date = 24.7.2007 1:04:36 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 99202 bytes | Modified Date = 25.7.2007 1:09:56 | Attr = ] perfc00B.dat -> %System32%\perfc00B.dat -> [Ver = | Size = 118840 bytes | Modified Date = 25.7.2007 1:09:56 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 508990 bytes | Modified Date = 25.7.2007 1:09:56 | Attr = ] perfh00B.dat -> %System32%\perfh00B.dat -> [Ver = | Size = 487056 bytes | Modified Date = 25.7.2007 1:09:56 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1195632 bytes | Modified Date = 25.7.2007 1:09:56 | Attr = ] ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4.8.2007 23:14:40 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 10.7.2007 20:58:26 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 10.7.2007 
20:50:24 | Attr = RH ] Setup -> %System32%\Setup -> [Folder | Modified Date = 10.7.2007 23:40:06 | Attr = ] usmt -> %System32%\usmt -> [Folder | Modified Date = 10.7.2007 23:39:54 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 29.7.2007 2:42:36 | Attr = ] WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 10.7.2007 20:50:32 | Attr = RH ] wpa.bak -> %System32%\wpa.bak -> [Ver = | Size = 1374 bytes | Modified Date = 11.7.2007 19:03:36 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 6.8.2007 15:26:24 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 10.7.2007 20:50:24 | Attr = RH ] XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 25.7.2007 1:12:56 | Attr = ] 103C_HP_NTBK_HP Compaq nx6310 (RH323EA#AK8)_YN_0U_QCNU6423M9W_E404598B73_46_I30AA_SHP_VKBC Version 58.11_B68YDU Ver. F.08_T060727_WXH2_L40B_M504_J60_7Intel_8Celeron M 430_91.73_#060711_N14E4170C_(RH323EA#AK8).MRK -> %System32%\drivers\103C_HP_NTBK_HP Compaq nx6310 (RH323EA#AK8)_YN_0U_QCNU6423M9W_E404598B73_46_I30AA_SHP_VKBC Version 58.11_B68YDU Ver. F.08_T060727_WXH2_L40B_M504_J60_7Intel_8Celeron M 430_91.73_#060711_N14E4170C_(RH323EA#AK8).MRK -> [Ver = | Size = 1752 bytes | Modified Date = 22.7.2007 16:38:32 | Attr = RHS] hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. 
[Ver = 6.0.1.0 | Size = 26056 bytes | Modified Date = 11.7.2007 22:31:10 | Attr = ] secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 20.7.2007 0:05:32 | Attr = ] [File String Scan - Non-Microsoft Only] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41113 bytes | Modified Date = 15.9.2004 15:00:00 | Attr = ] aspack , -> %System32%\lame_enc.dll -> [Ver = | Size = 120832 bytes | Modified Date = 19.3.2002 7:18:54 | Attr = ] aspack , -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 491520 bytes | Modified Date = 3.12.2002 3:02:58 | Attr = ] aspack , -> %System32%\NCTAudioInformation2.dll -> NCT Company Ltd. [Ver = 2, 1, 2, 0 | Size = 573440 bytes | Modified Date = 26.3.2003 6:59:40 | Attr = ] aspack , -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 143872 bytes | Modified Date = 3.12.2002 3:11:10 | Attr = ] UPX! , UPX0 , -> %System32%\saxzip.ocx -> Sax Software Corp. [Ver = 1.0.1211 | Size = 552960 bytes | Modified Date = 23.7.2001 9:29:32 | Attr = ] UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27.4.2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29.8.2006 19:43:54 | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 9.1.2006 10:36:06 | Attr = ] UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 1.12.2006 6:20:34 | Attr = ] UPX! , UPX0 , -> %System32%\Tweak-XP.scr -> [Ver = | Size = 584484 bytes | Modified Date = 28.9.2004 5:00:00 | Attr = ] UPX! 
, UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 9.8.2005 1:07:00 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 15.9.2004 15:00:00 | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 15.9.2004 15:00:00 | Attr = ] < End of report >
The F-secure results will follow later.
F-secure: Tulos Haittaohjelmia ei löytynyt Tilastot Tarkistettuja: * Tiedostot: 302495 * Järjestelmän rekisteri: 5112 * Tarkistamatta: 106 Tulos: * Virukset: 0 * Vakoiluohjelmat: 0 * Epäilyttävät kohteet: 0 Toiminnot: * Puhdistettuja: 0 * Uudelleennimettyjä: 0 * Poistettuja: 0 * Eristettyjä: 0 * Epäonnistunut: 0 Käynnistyssektorit: * Tarkistettuja: 1 * Tartuntoja: 0 * Epäilyttävät kohteet: 0 * Puhdistettuja: 0 Tarkistamattomat tiedostot: * Tiedoston C:\hiberfil.sys avaaminen ei onnistu * Tiedoston C:\pagefile.sys avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_260.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_28c.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_2e4.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_300.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_558.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat sisältyvän tiedoston avaaminen ei onnistu * Tiedoston C:\WINDOWS\Temp\Perflib_Perfdata_614.dat avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_620.dat sisältyvän tiedoston avaaminen ei onnistu * 
Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\Temp\Perflib_Perfdata_c0.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\system32\bios1.rom sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\WINDOWS\system32\DLA\DLAMRMsg.ISO sisältyvän tiedoston avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\config\default avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\config\SAM avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\config\SECURITY avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\config\software avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\config\system avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\CatRoot2\edb.log avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\CatRoot2\edbtmp.log avaaminen ei onnistu * Tiedoston C:\WINDOWS\system32\CatRoot2\tmp.edb avaaminen ei onnistu * Kohteen C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP126\A0023727.exe tarkistus keskeytyi [F-Secure AVP] * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiFLfffc.001 sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiFLfffc.002 sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiSL0001.001 sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiSL0001.002 sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiVP0000.001 sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\System Volume Information\catalog.wci\CiVP0000.002 sisältyvän tiedoston avaaminen ei onnistu * Kohteen C:\SwSetup\SFT_Rec\hp-bnr-drdvd.EXE tarkistus keskeytyi [F-Secure AVP] * Kohteen C:\SwSetup\SDMPL\MYDVD_62\MyDVD.MSI\stream 8 tarkistus keskeytyi [F-Secure AVP] * Kohteen 
C:\SwSetup\SDMPL\MYDVD_62\MyDVD.MSI tarkistus keskeytyi [F-Secure AVP] * Pakattuun tiedostoon C:\SwSetup\SDMPL\DLA32_52\DLA.msi\stream 7\FILE0013.D0FFFB8D_996E_43B1_8C32_FF42F494CE70 sisältyvän tiedoston avaaminen ei onnistu * Kohteen C:\SwSetup\Btooth\Data1.cab tarkistus keskeytyi [F-Secure AVP] * Kohteen C:\SwSetup\Btooth\TZ\Data1.cab tarkistus keskeytyi [F-Secure AVP] * Pakattuun tiedostoon C:\Program Files\Sonic\DigitalMedia Plus v7\DLA\install\dlamrmsg.iso sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Program Files\Maxis\The Sims\UserData8\PhotoAlbum\_ sisältyvän tiedoston avaaminen ei onnistu * Kohteen C:\Program Files\Java\jre1.6.0_02\lib\rt.jar tarkistus keskeytyi [F-Secure AVP] * Kohteen C:\Program Files\Java\jre1.6.0_01\lib\rt.jar tarkistus keskeytyi [F-Secure AVP] * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\Common\admin.pub avaaminen ei onnistu * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\Common\policy.ipf avaaminen ei onnistu * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\chandir.dat avaaminen ei onnistu * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\L0000037.FCS avaaminen ei onnistu * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs.dat avaaminen ei onnistu * Tiedoston C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\storydb.dat avaaminen ei onnistu * Tiedosto C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI\stream 24\AdAware_SE_default.ask\Ad-Aware SE Default.skn on salattu * Pakattuun tiedostoon C:\I386\BIOS1.RO_ sisältyvän tiedoston avaaminen ei onnistu * Kohteen C:\I386\DRIVER.CAB tarkistus keskeytyi [F-Secure AVP] * Tiedoston C:\Documents and Settings\NetworkService\NTUSER.DAT avaaminen ei onnistu * Tiedoston C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 
avaaminen ei onnistu * Tiedoston C:\Documents and Settings\LocalService\ntuser.dat avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\imn1ch4d.default\Cache\_CACHE_001_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\imn1ch4d.default\Cache\_CACHE_002_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\imn1ch4d.default\Cache\_CACHE_003_ sisältyvän tiedoston avaaminen ei onnistu * Tiedoston C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Liukkonen K\Local Settings\Temp\~DF4980.tmp sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Liukkonen K\Local Settings\Temp\~DF52EF.tmp sisältyvän tiedoston avaaminen ei onnistu * Tiedoston C:\Documents and Settings\Käyttäjä\ntuser.dat avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Omat tiedostot\gparted-livecd-0.3.4-8.iso sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Omat tiedostot\Tristan\PIC sisältyvän tiedoston avaaminen ei onnistu * Tiedosto C:\Documents and Settings\Käyttäjä\Omat tiedostot\torjunta\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn on salattu * Tiedoston C:\Documents and Settings\Käyttäjä\Local Settings\Temp\~ROMFN_0000101C avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(6)\_CACHE_001_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application 
Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(6)\_CACHE_002_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(6)\_CACHE_003_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(5)\_CACHE_001_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(5)\_CACHE_002_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(5)\_CACHE_003_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(2)\_CACHE_001_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(2)\_CACHE_002_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache(2)\_CACHE_003_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache\_CACHE_002_ sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Mozilla\Firefox\Profiles\mu7cme13.default\Cache\_CACHE_003_ sisältyvän tiedoston avaaminen ei onnistu * Tiedoston C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat avaaminen ei onnistu * 
Tiedoston C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db avaaminen ei onnistu * Tiedoston C:\Documents and Settings\Käyttäjä\Application Data\ispnews\ispn.ini avaaminen ei onnistu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip\sbRecovery.reg on salattu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip\sbRecovery.reg on salattu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer.zip\sbRecovery.reg on salattu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip\sbRecovery.reg on salattu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip\sbRecovery.reg on salattu * Tiedosto C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip\sbRecovery.reg on salattu * Tiedoston C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\835be74988418fd92726fcc5da95f465_383d4c95-fb63-487f-9f96-1a1f17197ced avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#32482332D7B3.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#387870B8A7BC.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#3BFC719CA331.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#4C040B67A6F1.dat 
sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#4FAC9B5E72DF.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#56242A84B2EB.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#5C78C08AA89E.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#60F89E24AB7B.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#65C07FDAFFDC.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#69D4305EFA57.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#6E5494AB3776.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#736444436726.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#87EC2B34AB95.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#893023553FBE.dat sisältyvän tiedoston avaaminen ei onnistu * Pakattuun tiedostoon C:\Documents and Settings\All Users\Application Data\Messenger Plus!\Custom Sounds\#9E6CB5517FF5.dat sisältyvän tiedoston avaaminen ei onnistu Asetukset Tunnisteiden versio: * Virukset: 2007-08-08_06 * Vakoiluohjelmat: 2007-07-25_05 Tarkistusohjelmat: * F-Secure AVP: 
6.00.169, 2007-08-08 * F-Secure Libra: 2.03.11, 2007-08-08 * F-Secure Orion: 1.02.37, 2007-08-08 * F-Secure Draco: 1.00.35, 2007-07-23 * F-Secure BlackLight: 1.00.64 Tarkistusasetukset: * Tarkista kaikki tiedostot * Tarkista seuraavat pakatut tiedostot Toiminnot: * Virukset: Valitaan tarkistuksen jälkeen * Vakoiluohjelmat: Valitaan tarkistuksen jälkeen ------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:02:03, on 9.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Elisa 
Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Widgets\YahooWidgetEngine.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\explorer.exe C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\MyDVD.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hjt\SCANNER.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wings2.net/index.php?page=servers R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - 
C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News 
Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Käyttäjä\Omat tiedostot\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://*.mu-online.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161857316578 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. 
- C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Stay clean

-> Clear System Restore: Instructions
Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with it regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. It uses no memory! A guide is available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites. A guide is available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly. escan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!