Could someone tell me where I can get a good free registry cleaning program? I visited a site and downloaded something, and some spyware came along with it, and the computer keeps complaining about some corrupted registry spyware.
Maybe this will help?
-> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
-> Save it to the folder C:\hjt
-> Rename HijackThis.exe to scanner.exe like this:
1. Right-click the HijackThis icon.
2. Choose Rename.
3. Type scanner.exe
-> Start HijackThis and click: do a system scan and save a logfile.
-> Post the resulting log in this thread
Logfile of HijackThis v1.99.1
Scan saved at 20:03:08, on 20.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hjt\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?s=sharks&g=1&pc=&bd1=51&bd2=51&bd3=180&ipc=FI&sd1=54&sd2=75&sd3=207
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\System32\jnbjghtb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {ADE5DCCD-F3B2-41E5-B8F4-7BDA6598C897} - C:\WINDOWS\System32\pmkji.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\System32\nnnmmmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ivgjqvkb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnmmmn - C:\WINDOWS\SYSTEM32\nnnmmmn.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\System32\pmkji.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Download SmitfraudFix (by S!Ri) to your desktop.
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any).
Post the contents of this text file to your thread.

**If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use from bad use of such programs, so they may warn the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

==========

Print these instructions or save them to a text file.
Start your computer in Safe Mode and select your normal user account.
Once in Safe Mode, double-click SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop wallpaper and clean the infected registry keys.
The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, restart into normal Windows.
A text file appears after the cleaning process; copy & paste the results of this report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.

==========

Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*When the scan is complete, click the Remove Vundo button.
*You will be asked whether you want to remove the files - click YES.
*After you have clicked yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix announces that it will restart your computer; click OK.
*Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix runs itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

========

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click combofix.exe and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on ComboFix's window while it is running. This may cause the program to hang.

==========

A new HijackThis log as well, and then we'll continue
here's the log from that first step

SmitFraudFix v2.183

Scan done at 22:03:45,71, su 20.05.2007
Run from C:\Documents and Settings\juhani.karjalainen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\tcpipmon.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juhani.karjalainen

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juhani.karjalainen\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUHANI~1.KAR\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.62.1
DNS Server Search Order: 0.0.0.0
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 213.139.190.3
DNS Server Search Order: 212.50.131.153
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer=213.139.190.3 212.50.131.153
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer=213.139.190.3 212.50.131.153
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer=213.139.190.3 212.50.131.153
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.62.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

=====

here's the second one's

SmitFraudFix v2.183

Scan done at 22:11:53,79, su 20.05.2007
Run from C:\Documents and Settings\juhani.karjalainen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\tcpipmon.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B5C7ADD6-6A89-44E1-90C3-8E8843F70092}: DhcpNameServer=192.168.62.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer=213.139.190.3 212.50.131.153
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.62.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

=======

and here's the Vundo log

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 22:15:47 20.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\bkvqjgvi.ini
C:\WINDOWS\system32\ivgjqvkb.dll
C:\WINDOWS\system32\lpyhufyb.dll
C:\WINDOWS\System32\pmkji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bkvqjgvi.ini
C:\WINDOWS\system32\bkvqjgvi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ivgjqvkb.dll
C:\WINDOWS\system32\ivgjqvkb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lpyhufyb.dll
C:\WINDOWS\system32\lpyhufyb.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmkji.dll
C:\WINDOWS\System32\pmkji.dll Has been deleted!

Performing Repairs to the registry.
Done!

====

and here's the fresh hijack

Logfile of HijackThis v1.99.1
Scan saved at 22:27:31, on 20.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\hjt\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\System32\jnbjghtb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\System32\nnnmmmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ivgjqvkb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnmmmn - C:\WINDOWS\SYSTEM32\nnnmmmn.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
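
The removal tools in this thread delete files, yet the fresh HijackThis log still lists autostart entries that point at them. The script below is an added example, not part of any post in this thread and not code from HijackThis, SmitfraudFix or VundoFix: it cross-checks a HijackThis log against the tools' deletion lines to list those leftover references. The function names are hypothetical, and the sample input is a constructed one-entry-per-line excerpt of the logs posted above.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: section code (R0, O2, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Windows path ending in a loadable-file extension; the path may contain spaces.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:dll|exe|ocx|sys)(?![\w.])', re.IGNORECASE)
# Deletion lines as they appear in this thread:
#   SmitfraudFix: "<path> Deleted"      VundoFix: "<path> Has been deleted!"
DELETED_RE = re.compile(r"^([A-Za-z]:\\.+?) (?:Has been deleted!|Deleted)$")


@dataclass
class Entry:
    code: str           # HijackThis section code, e.g. "O4"
    body: str           # rest of the line
    paths: list         # file paths referenced by the entry
    file_missing: bool  # HijackThis itself marked the target "(file missing)"


def parse_hijackthis(text):
    """Return the registry/autostart entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        entries.append(Entry(code, body, PATH_RE.findall(body),
                             body.endswith("(file missing)")))
    return entries


def parse_deleted(text):
    """Return the lowercased paths a removal tool reports as deleted."""
    deleted = set()
    for line in text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def orphaned_references(entries, deleted):
    """Entries whose target is gone but whose registry reference remains."""
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("file missing")
        # Windows paths are case-insensitive, so compare lowercased.
        if any(p.lower() in deleted for p in e.paths):
            reasons.append("deleted by removal tool")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample: excerpt of the fresh HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ivgjqvkb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnmmmn - C:\WINDOWS\SYSTEM32\nnnmmmn.dll
"""

# Constructed sample: deletion lines from the SmitfraudFix and VundoFix logs above.
SAMPLE_TOOL_LOG = r"""
C:\WINDOWS\system32\tcpipmon.exe Deleted
Attempting to delete C:\WINDOWS\system32\ivgjqvkb.dll
C:\WINDOWS\system32\ivgjqvkb.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\pmkji.dll
C:\WINDOWS\System32\pmkji.dll Has been deleted!
"""

if __name__ == "__main__":
    hits = orphaned_references(parse_hijackthis(SAMPLE_HJT),
                               parse_deleted(SAMPLE_TOOL_LOG))
    for entry, reasons in hits:
        print(f"{entry.code}: {entry.body}\n    -> {', '.join(reasons)}")
```

The O4 [setup] entry is the case HijackThis does not mark on its own: the DLL is passed as an argument to rundll32.exe, so only the comparison with the VundoFix log shows that the Run value now points at a deleted file.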
I had a bit of trouble with that last thing, but it worked in the end. So now here's this last log.

"juhani.karjalainen" - 2007-05-20 22:29:53 Service Pack 1
ComboFix 07-05.21.2.V - Running from: "C:\Program Files\Mozilla Firefox\"

Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.
ADS removed - system32: deleted 78560 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\jnbjghtb.dll
C:\WINDOWS\system32\wingsa32.dll
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\nnnmmmn.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))

2007-05-20 22:15 <DIR> d-------- C:\VundoFix Backups
2007-05-20 22:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-20 22:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-20 22:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-20 22:03 2,654 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-20 20:01 <DIR> d-------- C:\hjt
2007-05-20 18:40 <DIR> d-------- C:\Program Files\ToniArts
2007-05-20 18:39 <DIR> d-------- C:\Program Files\Yahoo!
C:\WINDOWS\security 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Resources 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\repair 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\mui 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\msapps 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\msagent 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Media 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\ime 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Help 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Debug 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Cursors 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\Config 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\AppPatch 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS\addins 2007-04-21 20:43 <DIR> d-------- C:\WINDOWS 2007-04-21 19:08 <DIR> d-------- C:\Program Files\MSN Messenger 2007-04-21 19:04 <DIR> d-------- C:\Program Files\Betsson Poker 2007-04-21 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft 2007-04-21 16:57 <DIR> d-------- C:\directX 2007-04-21 16:56 <DIR> d-------- C:\Program Files\Webteh 2007-04-21 16:55 <DIR> d-------- C:\Program Files\ffdshow 2007-04-21 16:55 <DIR> d-------- C:\Program Files\AC3Filter 2007-04-21 16:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-21 16:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-04-21 16:54 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-04-21 16:53 <DIR> d---s---- C:\DOCUME~1\JUHANI~1.KAR\UserData 2007-04-21 16:52 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys 2007-04-21 16:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-04-21 16:52 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint 2007-04-21 16:50 <DIR> d--hs---- C:\RECYCLER 2007-04-21 16:48 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-04-21 16:47 465,176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-21 16:47 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-21 16:47 
194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-21 16:47 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-21 16:47 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-21 16:47 127,256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-21 16:47 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-21 16:43 <DIR> d-------- C:\DOCUME~1\JUHANI~1.KAR\.musikproject 2007-04-21 16:42 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-04-21 16:42 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-04-21 16:42 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-04-21 16:42 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-04-21 16:42 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-04-21 16:42 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-04-21 16:42 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-04-21 16:42 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-21 16:42 <DIR> d-------- C:\Program Files\Sygate 2007-04-21 16:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-21 16:41 99,970 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-04-21 16:41 3,296 --a------ C:\WINDOWS\mozver.dat 2007-04-21 16:38 67,072 --a------ C:\WINDOWS\system32\usbui.dll 2007-04-21 16:38 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-04-21 16:38 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys 2007-04-21 16:38 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-04-21 16:38 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-04-21 16:38 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-04-21 16:38 19,328 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-04-21 16:38 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys 2007-04-21 16:38 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-21 16:38 <DIR> d-------- C:\Program Files\Intel 2007-04-21 16:37 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-21 16:37 
720,896 --a------ C:\WINDOWS\system32\a3d.dll 2007-04-21 16:37 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-21 16:37 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-21 16:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-21 16:37 539,008 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-04-21 16:37 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-21 16:37 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-21 16:37 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-04-21 16:37 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-04-21 16:37 36,864 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-04-21 16:37 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-04-21 16:37 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-21 16:37 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-21 16:37 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-21 16:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2007-04-21 16:37 <DIR> d-------- C:\Program Files\Analog Devices 2007-04-21 16:36 <DIR> d-------- C:\fsc.tmp 2007-04-21 16:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-04-21 16:32 <DIR> d-------- C:\WINDOWS\nview 2007-04-21 16:32 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2007-04-21 16:32 <DIR> d-------- C:\NVIDIA 2007-04-21 16:31 1,835,008 --ah----- C:\DOCUME~1\JUHANI~1.KAR\NTUSER.DAT 2007-04-21 16:29 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-21 16:29 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-21 16:29 <DIR> d--hs---- C:\System Volume Information 2007-04-21 16:29 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-21 16:11 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-21 16:11 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-04-21 16:11 <DIR> d-------- C:\Program Files\microsoft frontpage 2007-04-21 16:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp 
2007-04-21 16:08 68,608 --a------ C:\WINDOWS\system32\locator.exe 2007-04-21 16:08 67,584 --a------ C:\WINDOWS\system32\magnify.exe 2007-04-21 16:08 544,256 --a------ C:\WINDOWS\system32\crypt32.dll 2007-04-21 16:08 532,480 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-04-21 16:08 53,760 --a------ C:\WINDOWS\system32\cryptsvc.dll 2007-04-21 16:08 51,200 --a------ C:\WINDOWS\system32\narrator.exe 2007-04-21 16:08 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll 2007-04-21 16:08 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll 2007-04-21 16:08 316,928 --a------ C:\WINDOWS\system32\zipfldr.dll 2007-04-21 16:08 260,608 --a------ C:\WINDOWS\system32\rpcss.dll 2007-04-21 16:08 238,080 --a------ C:\WINDOWS\system32\newdev.dll 2007-04-21 16:08 226,816 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-21 16:08 212,480 --a------ C:\WINDOWS\system32\osk.exe 2007-04-21 16:08 179,200 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-21 16:08 125,440 --a------ C:\WINDOWS\system32\shmedia.dll 2007-04-21 16:08 122,368 --a------ C:\WINDOWS\system32\itss.dll 2007-04-21 16:08 10,752 --a------ C:\WINDOWS\hh.exe 2007-04-21 16:08 1,172,992 --a------ C:\WINDOWS\system32\ole32.dll 2007-04-21 16:08 <DIR> d--hs---- C:\WINDOWS\Installer 2007-04-21 16:08 <DIR> d-------- C:\WINDOWS\fsc 2007-04-21 16:08 <DIR> d-------- C:\AddOn 2007-04-21 16:07 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-21 16:07 0 -rahs---- C:\MSDOS.SYS 2007-04-21 16:07 0 -rahs---- C:\IO.SYS 2007-04-21 16:07 0 --a------ C:\CONFIG.SYS 2007-04-21 16:07 0 --a------ C:\AUTOEXEC.BAT 2007-04-21 16:06 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-21 16:05 <DIR> dr------- C:\WINDOWS\Offline Web Pages 2007-04-21 16:05 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM 2007-04-21 16:05 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-21 16:05 <DIR> d-------- C:\WINDOWS\system32\DirectX 2007-04-21 16:04 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-21 16:04 77,824 --a------ C:\WINDOWS\system32\isign32.dll 
2007-04-21 16:04 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-04-21 16:04 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-21 16:04 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-21 16:04 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-21 16:04 64,512 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-21 16:04 63,488 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-21 16:04 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-21 16:04 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-21 16:04 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-21 16:04 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-21 16:04 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-21 16:04 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-21 16:04 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-21 16:04 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-21 16:04 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-21 16:04 250,368 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-21 16:04 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-21 16:04 221,696 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-21 16:04 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-21 16:04 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-21 16:04 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-21 16:04 158,720 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-21 16:04 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-21 16:04 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-21 16:04 <DIR> d---s---- C:\WINDOWS\Tasks 2007-04-21 16:04 <DIR> d-------- C:\WINDOWS\system32\Restore 2007-04-21 16:04 <DIR> d-------- C:\WINDOWS\system32\Macromed 2007-04-21 16:04 <DIR> d-------- C:\WINDOWS\srchasst 2007-04-21 16:04 <DIR> d-------- C:\WINDOWS\PCHealth 2007-04-21 16:04 <DIR> d-------- C:\Program Files\Movie Maker 2007-04-21 16:04 <DIR> d-------- C:\Program Files\Common Files\MSSoap 
2007-04-21 16:03 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-21 16:03 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-21 16:03 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-21 16:03 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-21 16:03 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-21 16:03 227,840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-21 16:03 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-21 16:03 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-21 16:03 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-21 16:03 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-04-21 16:03 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-04-21 16:03 <DIR> d-------- C:\WINDOWS\Registration 2007-04-21 16:03 <DIR> d-------- C:\Program Files\Online Services 2007-04-21 16:03 <DIR> d-------- C:\Program Files\MSN Gaming Zone 2007-04-21 16:03 <DIR> d-------- C:\Program Files\Messenger 2007-04-21 16:02 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-21 16:02 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-04-21 16:02 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-21 16:02 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-21 16:02 9,216 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-21 16:02 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-21 16:02 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-21 16:02 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-21 16:02 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-21 16:02 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-21 16:02 80,384 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-21 16:02 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-21 16:02 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-21 16:02 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-21 16:02 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-21 16:02 598,016 --a------ 
C:\WINDOWS\system32\mstscax.dll 2007-04-21 16:02 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-21 16:02 57,856 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-21 16:02 56,832 --a------ C:\WINDOWS\system32\sol.exe 2007-04-21 16:02 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-21 16:02 56,320 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-21 16:02 55,296 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-21 16:02 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-21 16:02 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-21 16:02 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-04-21 16:02 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-21 16:02 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-21 16:02 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-21 16:02 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-21 16:02 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-21 16:02 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-21 16:02 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-21 16:02 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-21 16:02 388,608 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-21 16:02 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-21 16:02 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-21 16:02 339,968 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-21 16:02 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-21 16:02 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-21 16:02 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-21 16:02 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-21 16:02 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-21 16:02 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-21 16:02 200,192 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-21 16:02 20,992 --a------ C:\WINDOWS\system32\msg.exe 2007-04-21 16:02 20,480 --a------ 
C:\WINDOWS\system32\mtxdm.dll 2007-04-21 16:02 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-21 16:02 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-21 16:02 18,432 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-21 16:02 174,592 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-21 16:02 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-21 16:02 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-21 16:02 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-21 16:02 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-21 16:02 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-21 16:02 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-21 16:02 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-21 16:02 15,360 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-21 16:02 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-21 16:02 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-21 16:02 14,848 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-21 16:02 14,848 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-21 16:02 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-21 16:02 135,680 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-21 16:02 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-21 16:02 126,976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-21 16:02 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-21 16:02 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-04-21 16:02 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-21 16:02 116,736 --a------ C:\WINDOWS\system32\mplay32.exe 2007-04-21 16:02 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-21 16:02 114,688 --a------ C:\WINDOWS\system32\calc.exe 2007-04-21 16:02 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-21 16:02 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-21 16:02 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-21 16:02 
1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-21 16:02 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-21 16:02 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-21 16:02 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-21 16:02 <DIR> d-------- C:\Program Files\Windows NT

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{3862467F-7460-43BE-A63E-E44BE0FEC8B7}=C:\WINDOWS\System32\pmkji.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{CACA7731-9C77-464A-B1B7-462281DD8164}=C:\WINDOWS\system32\nnnmmmn.dll [2007-05-20 18:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 07:32]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 07:32]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 12:21]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 15:42]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-08-13 22:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2007-05-11 07:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CACA7731-9C77-464A-B1B7-462281DD8164}"="C:\WINDOWS\system32\nnnmmmn.dll" [2007-05-20 18:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmn]
nnnmmmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32]
wingsa32.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-05-16 06:00:00 C:\WINDOWS\tasks\rpc.job

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 22:36:21
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\combofix]
"ImagePath"="C:\WINDOWS\system32\cmd.exe /c start /i /dC:\ComboFix\ C:\WINDOWS\system32\cmd.exe /c Sys.bat /\v@"

Completion time: 2007-05-20 22:36:45
C:\ComboFix-quarantined-files.txt ... 2007-05-20 22:36
--- E O F ---

=== and the latest HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 22:38:20, on 20.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\hjt\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\system32\nnnmmmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: nnnmmmn - C:\WINDOWS\SYSTEM32\nnnmmmn.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Hopefully everything went right and you can make some sense of it.
- Double-click VundoFix.exe to run it.
- When VundoFix reopens, click the Scan for Vundo option.
- When the scan is complete, right-click inside the list box (the white box in which the found files are listed) and choose Add more files.
- Copy and paste the following 3 lines into the top three boxes:
  C:\WINDOWS\System32\jnbjghtb.dll
  C:\WINDOWS\System32\nnnmmmn.dll
  C:\WINDOWS\SYSTEM32\wingsa32.dll
- Click Add Files and then click Close Window.
- Click the Remove Vundo option.
- You will get a message asking whether you want to remove the selected files; click YES.
- Once you click yes, your desktop will go blank as the tool starts removing Vundo.
- When it is done, you will get a message asking you to shut down the computer; click OK.
- Restart your computer.
- Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

========

1. Download combofix.exe to your desktop from either of these links:
   http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
   http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

Also a new HJT log.
Nothing was found in Vundo, here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 23:05:47, on 20.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23A95D33-7457-47D8-BD40-159966583FCB} - C:\WINDOWS\System32\ddaby.dll
O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CACA7731-9C77-464A-B1B7-462281DD8164} - C:\WINDOWS\system32\nnnmmmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\rglpbrew.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddaby - C:\WINDOWS\System32\ddaby.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
And here is the Combo log:

2007-05-20 23:07:57 Service Pack 1
ComboFix 07-05.21.3.V - Running from: "C:\Program Files\Mozilla Firefox\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\ighukyfu.dll
C:\WINDOWS\system32\qcoyoamh.dll
C:\WINDOWS\system32\rglpbrew.dll
C:\WINDOWS\system32\nnnmmmn.dll
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\werbplgr.ini
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\max1d1641.exe

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\combofix

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))
<DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-21 16:02 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-21 16:02 <DIR> d-------- C:\Program Files\Windows NT

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{3862467F-7460-43BE-A63E-E44BE0FEC8B7}=C:\WINDOWS\System32\pmkji.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 07:32]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 07:32]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 12:21]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 15:42]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 15:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-08-13 22:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2007-05-11 07:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32]
wingsa32.dll

Contents of the 'Scheduled Tasks' folder
2007-05-16 06:00:00 C:\WINDOWS\tasks\rpc.job

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 23:09:46
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-20 23:10:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-20 23:10
--- E O F ---

==== and a fresh HJT log

Logfile of HijackThis v1.99.1
Scan saved at 23:12:52, on 20.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
There is a lot of junk there, continue like this. Save these instructions to a text file, because otherwise you cannot read them in Safe Mode.

==========

Open HijackThis, check the following line(s) and press fix checked; close other programs while you do this.

O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)

Here is a guide on how to check the lines:

==========

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!
- Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
- After installation, the program must be started and its definitions updated.

2.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- Press "Start Update" again after a moment if the updates do not succeed right away.
- If the automatic update does not work for some reason, the definitions can be downloaded manually from the link http://www.ewido.net/en/download/updates/.
- When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then, under the "Reports" menu:
- Tick "Automatically generate report after every scan"
- Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program, DO NOT scan yet.

Start your computer in Safe Mode.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG now starts scanning the computer; be patient, because the scan takes time.

When the scan is finished:

IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"

- Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
- You will be asked what to do if infections were found; in that case select "Apply all actions".
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button in the bottom left corner of the window and save the report to the desktop.
- Close the program, start the computer normally and post the AVG report to your thread.

==========

Open My Computer -> Do the following for all Local Disks

==========

Download CCleaner and install it:

Open "Options", then "Language", and select "Suomi (Finnish)".
Open the "Virheet" (errors) section, press "Etsi rekisterin virheitä" (find registry errors), then press "Korjaa valitut rekisterin virheet.." (fix selected registry errors). Press "Kyllä" (yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (do you want to back up the changes to the registry), and save the file to the desktop, for example.
Open "Puhdistaja" (cleaner), press "Tutki" (analyze) and after that "Aja Ccleaner" (run CCleaner).
Clean temporary files and folders with the program regularly.

==========

If you do not have this Java version (6.1):

Updating Java and clearing the cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment.... ). They should have the following picture next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u1
Press Download
Tick Accept, take the offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider higher.)
8. Make sure both options are ticked:
*Applications and Applets
*Trace and Log Files
and press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.

==========

A new HijackThis log, and are there any problems?
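The triage that the post above does by eye, picking the O2 and O20 lines marked "(file missing)" out of the HijackThis log, can be sketched in Python. This is an added example, not part of the original thread or of HijackThis; the names parse_hjt and review_list, the section labels and the LOAD_POINTS grouping are assumptions of the example, and its output is a list for review, not a list of entries to delete.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Short labels for the section codes in the sample (written for this example).
SECTIONS = {
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O18": "protocol handler",
    "O20": "Winlogon Notify",
    "O23": "service",
}
# Assumption of this example: sections whose target is loaded without user
# action (with the browser, at logon, or at boot).
LOAD_POINTS = {"O2", "O4", "O20", "O23"}

# An entry starts with a section code followed by " - ". Anchoring on that
# rather than on newlines lets the parser read a log pasted as one long line.
ENTRY_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt from the second HijackThis log in the thread, joined with spaces
# to imitate a log whose line breaks were lost.
SAMPLE = " ".join([
    r"C:\hjt\scanner.exe.exe",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {3862467F-7460-43BE-A63E-E44BE0FEC8B7} - C:\WINDOWS\System32\pmkji.dll (file missing)",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
    r"O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)",
    r"O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe",
])


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    text: str             # everything after "<code> - "
    missing: bool         # HijackThis could not find the target file
    unnamed: bool         # object registered without a display name
    guid: Optional[str]   # first GUID in the entry, if any


def parse_hjt(text):
    """Split a HijackThis log (line-broken or flattened) into entries."""
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[m.end():end].strip()
        guid = GUID.search(body)
        entries.append(Entry(
            code=m.group(1),
            text=body,
            missing="(file missing)" in body,
            unnamed="(no name)" in body,
            guid=guid.group(0) if guid else None,
        ))
    return entries


def review_list(entries):
    """Return (code, section label, kind) for entries whose file is missing."""
    out = []
    for e in entries:
        if not e.missing:
            continue
        kind = ("orphaned load point" if e.code in LOAD_POINTS
                else "orphaned reference")
        out.append((e.code, SECTIONS.get(e.code, "other"), kind))
    return out


if __name__ == "__main__":
    for row in review_list(parse_hjt(SAMPLE)):
        print(row)
```

On the sample it returns the O2 and O20 entries as orphaned load points and the O18 msnim entry as an orphaned reference, which the post above does not select for fixing.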
here is the AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:26:41 21.5.2007
+ Scan result:

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\max1d1641.exe.vir -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8732D574-DAD5-458B-A3D2-DC519A957785}\RP45\A0007974.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8732D574-DAD5-458B-A3D2-DC519A957785}\RP42\A0005646.exe/keygen.exe -> Downloader.LoadAdv : Cleaned with backup (quarantined).
D:\Asennukset\WarezP2P.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\mgvrprgl.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
D:\pelit\warcraft 3 - frozen throne\dev-ft-keygen.exe -> Dropper.PT : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8732D574-DAD5-458B-A3D2-DC519A957785}\RP45\A0006820.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\inlw.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-05-20_223621.28.zip/xpdt.sys -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
C:\intvuvmp.exe -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
C:\Documents and Settings\juhani.karjalainen\Cookies\juhani.karjalainen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\juhani.karjalainen\Cookies\juhani.karjalainen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.25:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\juhani.karjalainen\Cookies\juhani.karjalainen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\juhani.karjalainen\Cookies\juhani.karjalainen@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.8:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\juhani.karjalainen\Cookies\juhani.karjalainen@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.23:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.24:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.28:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\Documents and Settings\juhani.karjalainen\Application Data\Mozilla\Firefox\Profiles\rgoce7mf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\juhani.karjalainen\Desktop\tgbdue-7_2053-0_96\devices\tbr_dll.dll -> Trojan.Gologger.10.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8732D574-DAD5-458B-A3D2-DC519A957785}\RP42\A0005707.dll -> Trojan.Gologger.10.d : Cleaned with backup (quarantined).

::Report end

=== and here is the HJT log after everything (I did not defragment the disk)

Logfile of HijackThis v1.99.1
Scan saved at 8:47:37, on 21.5.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\hjt\scanner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62FCBB7-18BD-40C1-BD00-343339B58E59}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
http://www.download.fi/tyopoytaohjelmat/haittaohjelmien_poisto/antivir.cfm
There's one there, for example.

=========

Scan your computer with the Kaspersky Online Scanner.

Use Internet Explorer.
You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
The program starts and begins downloading the latest definition files.
When the scanner has been installed and the definitions downloaded, click Next.
Now click the settings, Scan Settings.
Check in the settings that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (if available, otherwise select Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK.
Now, under the heading "select a target to scan", select My Computer.
The scan takes time, so be patient.
When the scan is finished you will be notified if your computer is infected.
Now click the Save as Text button.
Save the file to your desktop.
Copy and paste the contents of the file into your next reply.