Problems with Task Manager and automatic updates - HJT log attached

Discussion in 'Viruses and malware - HijackThis logs' started by viima22, Oct 31, 2008.

  1. viima22

    viima22 Member

    Apparently some kind of virus is churning away on that machine, since it won't let me install the XP SP2 package at all, Task Manager can't be opened, and automatic updates don't stay on when the machine starts up.

    Would anyone have time to help a beginner with this problem?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:12:00, on 31.10.2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\drivers\winlogon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\nse\bin\NSESVC.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\Omistaja\Työpöytä\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\winlogon.exe
    O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\system32\drivers\winlogon.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [VTkMgr.exe] C:\WINDOWS\pchealth\helpctr\binaries\VTkMgr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224607977859
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


    Thanks a lot in advance for the help!
     
  2. kalminen

    kalminen Regular member

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot the machine into Safe Mode => GUIDE
    Make hidden files visible => in Safe Mode GUIDE

    Delete the folder(s):

    - While in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appears on the desktop. The file extracts and installs itself on the drive where the operating system is installed, and an SDFix folder appears in the root, e.g. C:\SDFix
    Open the SDFix folder and double-click RunThis.cmd or RunThis.bat to start the program.
    Press Y to start the script.
    The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
    Press any key and the machine restarts.
    Startup takes longer than normal because SDFix is cleaning the machine.
    Once the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
    Then press any key to close the script and load the shortcuts onto the desktop.

    Finally, open the SDFix folder and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
    D:
     
  3. viima22

    viima22 Member

    Thanks for the quick reply.. I did, however, already manage to run the following program, "Malwarebytes' Anti-Malware", and it seemed to have helped at least somewhat. But here is the information after both.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:02:55, on 31.10.2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\nse\bin\NSESVC.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\update\update.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\Omistaja\Työpöytä\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224607977859
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 4656 bytes








    And here is the SDFix log:





    SDFix: Version 1.238
    Run by Omistaja on pe 31.10.2008 at 22:52

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    C:\WINDOWS\system32\Microsoft\backup.ftp Found

    Checking files:

    Genuine:
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Dummy:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\dllcache\ftp.exe

    Files copied to SDFix\Backups

    Restoring files if backups are found

    Final Check:

    Genuine:
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Dummy:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\dllcache\ftp.exe


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-31 22:55:18
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\secrecs.inf 16482 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\sffdisk.inf 5296 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\shell.inf 52960 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\shl_img.inf 13062 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\slip.inf 7204 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\smartcrd.inf 47428 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\startoc.cat 168806 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\startoc.dll 22016 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\startoc.inf 109098 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\streamip.inf 11774 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\swflash.inf 3728 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\sysoc.inf 3430 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\syssetup.inf 70172 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\tape.inf 67212 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\tsoc.inf 229566 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\update1p.chm 67901 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\usbport.inf 47374 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\usbvideo.inf 24086 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\wordpad.inf 16188 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\wstcodec.inf 7230 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\xpsp1res.dll 186368 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\ic\xpsp2res.dll 2897920 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpdct.exe 307257 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgd.imd 825038 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\chajei.ime 78336 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\chtmbx.dll 97792 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\chtskdic.dll 56320 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\chtskf.dll 173568 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\cintime.dll 198656 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\cintlgnt.ime 21504 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\cintsetp.exe 480256 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\cplexe.exe 57399 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\dayi.ime 78848 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imekr61.ime 94720 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imekrcic.dll 106496 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imekrmbx.dll 86016 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjp81.ime 340023 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjp81k.dll 811064 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpcd.dic 110637 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpcic.dll 368696 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpcus.dll 716856 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpdct.dll 81976 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpdsvr.exe 155705 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpinst.exe 196665 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpinst.ini 9605 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjpmig.exe 208952 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjprw.exe 233527 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjputy.exe 262200 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imjputyc.dll 274489 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imlang.dll 102456 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\imscinst.exe 59392 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\miniime.tpl 11776 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\padrs404.dll 15872 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\padrs804.dll 15360 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\phon.ime 79360 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlcsa.dll 175104 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlcsd.dic 174803 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlcsd.dll 53760 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlcsk.dic 487472 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgc.imd 188140 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgdx.imd 867242 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgi.imd 948656 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgix.imd 1004904 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgl.imd 208744 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgne.chm 114148 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgnt.chm 96585 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgnt.ime 482304 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgr.imd 733292 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlgs.imd 10011497 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pintlphr.exe 70144 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\pmigrate.dll 67584 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\quick.ime 77824 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\romanime.ime 26112 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\tintlgnt.ime 571392 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\tintlphr.exe 44032 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\tintsetp.exe 455168 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\tmigrate.dll 10240 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\unicdime.ime 65024 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\uniime.dll 76288 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\voicepad.dll 426041 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\voicesub.dll 86073 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\winar30.ime 79360 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\winime.ime 65536 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\winpy.ime 156672 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\winsp.ime 156672 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\lang\winzm.ime 156672 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\new\secupd.dat 4569 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\new\secupd.sig 7208 bytes
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\root\cmpnents
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\root\cmpnents\tabletpc
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\root\cmpnents\tabletpc\i386
    C:\WINDOWS\SoftwareDistribution\Download\2b94449f421467d120753dd55090b2ec\root\cmpnents\tabletpc\i386\viewer.htm 2869 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 277


    Remaining Services :




    Authorized Application Key Export:

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip


    The following Winrar archives contain Backdoor IRC Worms!

    C:\Documents and Settings\All Users\Tiedostot\Leffoja\Tekstejä\Sarjat\Babylon 5\Babylon.5.Season.4.divxfinland.org.v1.1.rar\ffogpwW.exe
    C:\Documents and Settings\All Users\Tiedostot\Leffoja\Tekstejä\Sarjat\TOS\Season 1\Star Trek - The Original Series 1966 - 1967 _25fps.rar\s13x4U6.exe
    C:\Documents and Settings\All Users\Tiedostot\Leffoja\Tekstejä\Sarjat\voyager\Star Trek Voyager Season 2 english subtitles srt.rar\RPpNpiq.exe
    C:\Documents and Settings\All Users\Tiedostot\Leffoja\Tekstejä\Sarjat\voyager\Star.Trek.Voyager.Season.1.DVDRip.English.subtitles srt.rar\P7R45Kp.exe

    Note - SDFix does not repair these files!

    Files with Hidden Attributes :


    Finished!




    I wonder if there is still some junk left in there?
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Move HijackThis.exe to the directory C:\HJT\

    With the right mouse button you can rename HijackThis.exe, for example to hoojiitee.exe
    Scan your machine with it and post the log here.

    -----------------------------------------------

    Delete the folder:
    C:\SDFix\

    ---------------------------

    Post the log made with hoojiitee,
    and the log from the Malwarebytes scan you ran.
    =>
     
  5. viima22

    viima22 Member

    Hi,

    Here is the latest log made with HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:04:59, on 4.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\Norman\nse\bin\NSESVC.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\HJT\hoojiitee.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224607977859
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5397 bytes





    And then the one run with that Malware would be like this:


    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1345
    Windows 5.1.2600 Service Pack 3

    4.11.2008 21:52:34
    mbam-log-2008-11-04 (21-52-34).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 121044
    Kulunut aika: 43 minute(s), 45 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)



    This is what was found..




     
  6. kalminen

    kalminen Regular member

    Great, you updated Windows !!!

    4. Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 10

    Click Download

    Under Platform, select your operating system, Windows.

    Tick I agree to the Java SE Runtime Environment 6 License Agreement.

    Click Continue.

    Below Windows Offline Installation, click jre-6u10-windows-i586-p.exe.

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the machine being slow after lowering the setting, move the slider higher.)

    8. Click the Delete Files button. Make sure that both options are ticked:

    * Applications and Applets

    * Trace and Log Files



    And click the OK button
    Note: This deletes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates automatically

    Select Never check

    11. Click Apply and OK to leave your Java settings window.

    -------------------------------------------------------------------------

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following files listed in red and remove them. (Fix checked)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    Empty the Recycle Bin and restart your machine.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * How is the machine running now ???
     
  7. viima22

    viima22 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:35, on 5.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\hoojiitee.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1224607977859
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5410 bytes



    This is what it looks like this time..
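
One way to check a fix like the one requested in this thread, as an added example that is not part of the original posts: it compares the entries that were to be fixed against the logs posted before and after. The function names are illustrative, and the sample data is an excerpt of entry lines copied from the thread's logs of 4.11.2008 and 5.11.2008.

```python
import re

# A HijackThis entry line is "<section> - <text>", e.g. "O4 - HKLM\..\Run: [...]".
# Section codes are a letter (R, F, N, O) followed by a number.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Map a normalized (section, text) key to the original entry line.

    Headers and the "Running processes" list do not match ENTRY_RE and are
    skipped. Text is lower-cased because Windows paths are case-insensitive.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            key = (m.group(1).upper(), " ".join(m.group(2).split()).lower())
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Compare a requested fix list against the logs taken before and after."""
    fix = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # requested, present before, absent after: the fix worked
        "removed": sorted(fix[k] for k in fix if k in before and k not in after),
        # requested but still in the new log: fix not applied, or entry re-created
        "still_present": sorted(fix[k] for k in fix if k in after),
        # vanished without being on the fix list (e.g. software uninstalled)
        "gone_unrequested": sorted(
            before[k] for k in before if k not in after and k not in fix
        ),
        # autostart points that did not exist before; these need a fresh review
        "new": sorted(after[k] for k in after if k not in before),
    }


# Excerpt of the log of 4.11.2008 (entry lines only).
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# The six entries listed for fixing in the thread.
FIX = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Excerpt of the log of 5.11.2008 (entry lines only).
AFTER = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for category, lines in verify_fix(FIX, BEFORE, AFTER).items():
        print(f"{category}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

On this excerpt the SiSUSBRG Run entry is reported as still present after the fix, and the Ad-Aware service as gone although it was not on the fix list.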

     
  8. viima22

    viima22 Member


    Oh, and the machine runs like clockwork. Thanks to you for that!


     
  9. kalminen

    kalminen Regular member

    OK D:
     
