koneeseen hyökkäs joku antispyware virus piraatti versio.. se ohjelma aukee kun koneen käynnistää ja rupee muka heti jtn skannaamaan ja sitte heittelee koko ajan jtn erroreita ja tulee tämmöstä teksiä "YOUR COMPUTER IS INFECTED" ja tonne tehtäväpanelliin tuli 3 semmosta erilaista kuvaketta ja ne heittelee erroreita jossa lukee että koneellani on 2000 virusta... niin ja se muutti myös työpöydän tausakuvan siinä taustakuvassa lukee että "warning spyware detected on your computer install an antivirus or spyware to clean your computer. oon kokeillu puhistaa jo f-securella ja combofixillä....
täs tää combofix ¨ComboFix 08-08-12.01 - Sirkka 2008-08-13 9:08:22.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.385 [GMT 3:00] Running from: C:\Documents and Settings\Sirkka\Työpöytä\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Secure Solutions C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080812114041453.log C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080812140910109.log C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080813085326828.log C:\WINDOWS\BM7fc7938f.txt . ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-13 to 2008-08-13 ))))))))))))))))) . 2008-08-12 11:39 . 2008-08-12 11:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\services 2008-08-12 11:37 . 2008-08-12 11:37 19,456 --a------ C:\WINDOWS\system32\drvgux.0ll 2008-08-12 11:37 . 2008-08-12 11:37 145 --a------ C:\WINDOWS\system32\winver.bat 2008-08-12 11:34 . 2008-08-12 11:34 32,768 --a------ C:\WINDOWS\system32\winkve32.dll 2008-08-04 15:58 . 2008-08-04 15:58 <KANSIO> d-------- C:\Documents and Settings\Sirkka\Application Data\Agency9 2008-07-17 18:42 . 2008-07-17 18:43 <KANSIO> d----c--- C:\3gptemp 2008-07-17 18:32 . 2008-07-17 18:32 <KANSIO> d-------- C:\Program Files\MIKSOFT 2008-07-17 16:03 . 2008-07-17 16:03 <KANSIO> d-------- C:\Program Files\AviSynth 2.5 2008-07-17 16:03 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll 2008-07-17 16:03 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe 2008-07-17 16:03 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll 2008-07-17 16:03 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2008-07-17 16:03 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe 2008-07-17 16:03 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-07-17 16:03 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2008-07-17 16:03 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe 2008-07-17 16:03 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2008-07-17 16:01 . 2008-07-17 16:01 <KANSIO> d-------- C:\Program Files\eRightSoft 2008-07-16 15:08 . 2008-07-16 15:08 19,120 --a------ C:\Documents and Settings\Sirkka\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-13 06:41 --------- d-----w C:\Program Files\Steam 2008-08-12 11:16 --------- d-----w C:\Program Files\Bersirc 2008-08-05 14:08 --------- d-----w C:\Program Files\PC Protection 2008-07-12 08:41 0 ----a-w C:\Documents and Settings\Sirkka\jagex_runescape_preferences.dat 2008-07-08 16:17 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\Joost 2008-07-08 14:55 --------- d-----w C:\Program Files\TVUPlayer 2008-07-08 14:50 --------- d-----w C:\Program Files\Joost 2008-07-08 14:44 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\TVU Networks 2008-07-08 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks 2008-07-08 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-07-06 17:30 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\mIRC 2008-07-06 12:28 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\RadLight Company 2008-07-06 12:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-05 09:52 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\FrostWire 2008-07-05 09:24 --------- d-----w C:\Program Files\LimeWire 2008-07-05 09:24 --------- d-----w C:\Program Files\FrostWire 2008-07-05 09:22 --------- d-----w C:\Program Files\AskSBar 2008-07-05 09:13 --------- d-----w C:\Program Files\Incomplete 2008-06-25 15:10 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\gtk-2.0 2008-06-21 09:25 --------- d-----w C:\Program Files\CamStudio 2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 07:54 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat 2008-06-20 07:54 1,615 ---ha-w C:\hpothb07.dat 2008-06-18 13:52 --------- d-----w C:\Program Files\FastStone Capture 2008-06-18 13:52 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\FastStone 2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 11:28 --------- d-----w C:\Documents and Settings\Sirkka\Application Data\BSplayer 2008-06-02 17:42 125,952 ----a-w C:\WINDOWS\system32\feqvqqaq.dll 2007-12-29 09:08 1,147 ---ha-w C:\Documents and Settings\Sirkka\hpothb07.dat 2007-12-29 09:07 0 ---ha-w C:\Documents and Settings\Sirkka\Application Data\hpothb07.dat 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-05_21.08.39.03 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-26 11:49:28 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll + 2008-04-23 04:21:08 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll + 2008-04-23 04:21:08 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll + 2008-04-23 04:21:08 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll + 2008-04-23 04:21:08 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll + 2008-04-23 04:21:08 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll + 2008-04-22 08:02:19 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe + 2008-04-23 04:21:08 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll + 2008-04-23 04:21:08 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll + 2008-04-20 05:07:38 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat + 2008-04-23 04:21:08 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll + 2008-04-23 04:21:08 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll + 2008-04-23 04:21:08 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll + 2008-04-23 04:21:08 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll + 2008-04-23 04:21:08 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll + 2008-04-22 08:02:19 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe + 2008-04-22 08:02:46 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe + 2008-04-23 04:21:09 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll + 2008-04-23 04:21:09 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll + 2008-04-23 04:21:09 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll + 2008-04-23 04:21:09 3,593,728 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll + 2008-04-23 04:21:09 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll + 2008-04-23 04:21:09 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll + 2008-04-23 04:21:09 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll + 2008-04-23 04:21:09 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll + 2008-04-23 04:21:09 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll + 2008-04-23 04:21:09 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\url.dll + 2008-04-23 04:21:10 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll + 2008-04-23 04:21:10 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll + 2008-04-23 04:21:10 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spmsg.dll + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spuninst.exe + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\spcustom.dll + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\updspapi.dll + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll + 2007-11-30 12:39:27 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll + 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys + 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys + 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll + 2007-11-30 12:39:27 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll + 2008-06-14 18:05:39 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys + 2008-06-14 17:34:47 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys + 2008-06-14 17:40:21 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys + 2007-11-30 11:19:02 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll + 2007-11-30 11:19:02 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe + 2007-11-30 11:19:02 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll + 2007-11-30 11:19:03 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe + 2007-11-30 11:19:03 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll + 2008-04-14 16:17:07 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys + 2008-04-14 15:59:41 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys + 2008-04-14 16:22:36 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys + 2007-11-30 11:19:02 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll + 2007-11-30 11:19:02 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe + 2007-11-30 11:19:02 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll + 2007-11-30 11:19:03 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe + 2007-11-30 11:19:03 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll + 2008-05-07 04:55:33 1,288,704 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll + 2008-05-07 05:12:01 1,288,704 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:04:48 1,288,704 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:19:02 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:19:02 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:19:02 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:27 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll + 2006-08-16 12:14:20 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll + 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys + 2008-06-20 17:37:17 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll + 2008-06-20 17:37:17 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll + 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys + 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys + 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys + 2008-06-20 17:47:56 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll + 2008-06-20 17:47:56 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll + 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys + 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys + 2008-06-20 17:44:04 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll + 2008-06-20 17:44:04 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll + 2007-11-30 12:39:25 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe + 2007-11-30 12:39:25 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll + 2004-09-15 12:00:00 294,400 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll + 2007-11-30 12:39:27 232,824 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe + 2007-11-30 12:39:28 392,056 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll + 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys + 2007-11-30 12:39:27 232,824 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe + 2007-11-30 12:39:28 392,056 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll + 2008-04-14 15:52:59 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys + 2007-11-30 11:19:02 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe + 2007-11-30 11:19:03 392,056 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll + 2007-11-30 11:19:02 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe + 2007-11-30 11:19:03 392,056 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll + 2007-10-29 22:43:51 1,288,192 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll + 2007-11-30 11:19:02 232,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe + 2007-11-30 12:39:28 392,056 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll + 2004-09-15 12:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys + 2008-02-20 05:38:03 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll + 2004-09-15 12:00:00 246,784 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll + 2007-11-30 12:39:27 232,824 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe + 2007-11-30 12:39:25 392,056 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys + 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys + 2008-07-12 08:41:02 315,392 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\browsercontrol.dll - 2008-01-29 13:54:21 19,185 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\game_unpacker.dat + 2008-07-15 17:06:45 19,767 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\game_unpacker.dat + 2008-07-12 08:41:02 315,392 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl.dll + 2008-07-12 08:41:03 20,480 ----a-w C:\WINDOWS\.jagex_cache_32\runescape\jogl_awt.dll + 2008-06-14 17:59:49 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 13:01:50 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:01:50 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:01:50 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:01:50 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:56 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:01:50 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:01:50 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:01:51 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:01:51 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:56:25 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:01:51 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 15:31:54 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:01:53 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 13:01:53 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:01:53 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:01:53 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:01:53 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:01:53 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:01:53 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:01:53 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:01:53 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll + 2008-06-08 16:31:40 10,134 ----a-r C:\WINDOWS\Installer\{DB5F474C-B584-417F-810B-DEBBC1893C2A}\ARPPRODUCTICON.exe + 1998-09-30 07:09:20 1,276,416 ----a-w C:\WINDOWS\lhsp\tv\tv_enua.dll + 1998-09-24 12:15:44 40,960 ----a-w C:\WINDOWS\lhsp\tv\tvenuax.dll - 2000-08-31 05:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 05:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe + 1999-01-12 12:19:12 248,832 ----a-w C:\WINDOWS\speech\spchtel.dll + 1999-01-12 12:19:12 562,176 ----a-w C:\WINDOWS\speech\speech.dll + 1999-01-12 12:09:36 380,928 ----a-w C:\WINDOWS\speech\vcmd.exe + 1999-01-12 12:19:12 156,160 ----a-w C:\WINDOWS\speech\vcmshl.dll + 1999-01-12 12:19:12 179,712 ----a-w C:\WINDOWS\speech\Vdict.dll + 1999-01-12 08:35:30 53,760 ----a-w C:\WINDOWS\speech\WrapSAPI.dll + 1999-01-12 12:19:12 173,056 ----a-w C:\WINDOWS\speech\VText.dll + 1999-01-12 12:19:12 128,000 ----a-w C:\WINDOWS\speech\Xcommand.dll + 1999-01-12 12:19:12 208,896 ----a-w C:\WINDOWS\speech\Xlisten.dll + 1999-01-12 12:19:12 203,776 ----a-w C:\WINDOWS\speech\XTel.Dll + 1999-01-12 12:19:12 195,584 ----a-w C:\WINDOWS\speech\Xvoice.dll - 2008-03-01 13:01:50 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-04-23 04:16:41 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-03-01 13:01:50 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-04-23 04:16:41 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2004-09-15 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys + 2008-06-14 17:59:49 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys - 2008-02-20 05:38:03 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:41:09 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2008-03-01 13:01:50 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-23 04:16:42 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 13:01:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-23 04:16:42 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-03-01 13:01:50 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-23 04:16:42 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 13:01:50 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-04-23 04:16:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-02-29 08:55:56 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-04-22 07:41:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-03-01 13:01:50 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-04-23 04:16:42 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 13:01:50 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-04-23 04:16:42 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-03-01 13:01:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-04-23 04:16:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 13:01:51 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-04-23 04:16:42 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 13:01:51 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-04-23 04:16:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 13:01:51 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-04-23 04:16:42 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-03-01 13:01:51 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-04-23 04:16:42 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-02-29 08:56:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-04-22 07:41:30 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-03-01 13:01:51 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-23 04:16:42 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-09-15 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll + 2008-02-26 12:00:47 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll - 2008-03-01 13:01:52 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-04-23 04:16:42 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-03-01 13:01:52 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-04-23 04:16:42 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-03-01 15:31:54 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-04-23 19:16:44 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-03-01 13:01:53 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-23 04:16:42 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-03-01 13:01:53 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-23 04:16:42 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-03-01 13:01:53 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-23 04:16:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2004-09-15 12:00:00 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll + 2008-06-20 17:41:09 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll - 2008-03-01 13:01:53 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2008-04-23 04:16:42 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll - 2008-03-01 13:01:53 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-23 04:16:42 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:51 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:15:43 1,288,192 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2008-03-01 13:01:53 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll + 2008-04-23 04:16:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll - 2008-03-01 13:01:53 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-23 04:16:43 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-03-01 13:01:53 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-04-23 04:16:43 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-03-01 13:01:53 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-23 04:16:43 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-02-20 05:38:03 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:41:09 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys + 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys - 2008-03-01 13:01:50 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-03-01 13:01:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-04-23 04:16:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-03-01 13:01:50 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-04-23 04:16:42 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-03-01 13:01:50 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-04-23 04:16:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2008-02-29 08:55:56 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-03-01 13:01:50 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-04-23 04:16:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-03-01 13:01:50 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-04-23 04:16:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2008-03-01 13:01:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-04-23 04:16:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-03-01 13:01:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-04-23 04:16:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2008-03-01 13:01:51 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-04-23 04:16:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2008-03-01 13:01:51 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-03-01 13:01:51 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-04-23 04:16:42 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2008-03-01 13:01:51 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-04-23 04:16:42 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2003-03-18 20:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll + 2003-03-19 06:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe - 2004-09-15 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll + 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\msctf.dll - 2008-03-01 13:01:52 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-04-23 04:16:42 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-03-01 13:01:52 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-04-23 04:16:42 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2008-03-01 15:31:54 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-03-01 13:01:53 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-23 04:16:42 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-03-01 13:01:53 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-04-23 04:16:42 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-03-01 13:01:53 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-04-23 04:16:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2003-03-18 18:14:52 499,712 ------w C:\WINDOWS\system32\msvcp71.dll + 2003-03-19 05:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll - 2008-03-01 13:01:53 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-04-23 04:16:42 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2008-03-01 13:01:53 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-29 22:43:51 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll + 2008-05-07 05:15:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll - 2006-09-25 14:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:27 17,272 ------w C:\WINDOWS\system32\spmsg.dll - 2008-03-01 13:01:53 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-03-01 13:01:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-04-23 04:16:43 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-03-01 13:01:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-04-23 04:16:43 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2008-03-01 13:01:53 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-04-23 04:16:43 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-08-13 06:26:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2b8.dat . -- Snapshot reset to current date -- . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360] "Steam"="c:\program files\steam\steam.exe" [2008-03-29 21:01 1271032] "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 16:59 95800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\PC Protection\Common\FSM32.EXE" [2007-11-01 14:42 182936] "F-Secure TNB"="C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" [2007-11-01 14:42 739936] "News Service"="C:\Program Files\PC Protection\FSGUI\ispnews.exe" [2005-05-31 15:45 356352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 23:43 81920] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SoundMan"="SOUNDMAN.EXE" [2006-10-26 12:19 55296 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32] 2008-08-12 11:34 32768 C:\WINDOWS\system32\winkve32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.avis"= ff_acm.acm "vidc.yv12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Steam\\Steam.exe"= "C:\\Program Files\\Steam\\SteamApps\\hencka666\\counter-strike\\hl.exe"= "C:\\Program Files\\Steam\\SteamApps\\hencka666\\condition zero deleted scenes\\hl.exe"= "C:\\Program Files\\Steam\\SteamApps\\hencka666\\condition zero\\hl.exe"= "C:\\Program Files\\Steam\\SteamApps\\danc3\\counter-strike\\hl.exe"= "C:\\Program Files\\Steam\\SteamApps\\hencka666\\deathmatch classic\\hl.exe"= "C:\\Program Files\\Steam\\SteamApps\\hencka666\\source sdk base\\hl2.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "C:\\Program Files\\Bersirc\\Bersirc.exe"= "C:\\WINDOWS\\system32\\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11396:TCP"= 11396:TCP:BitComet 11396 TCP "11396:UDP"= 11396:UDP:BitComet 11396 UDP R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41] R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 16:58] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Protection\HIPS\fshs.sys [2008-02-13 17:06] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Protection\Anti-Virus\minifilter\fsgk.sys [2007-11-01 14:42] R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50] S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 22:06] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Protection\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 14:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Protection\Anti-Virus\Win2K\FSrec.sys [2007-11-01 14:42] . 'Ajoitetut teht„v„t'-kansion sis„lt” 2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [] 2007-02-09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1161929320.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56] 2008-08-13 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\PCPROT~1\ANTI-V~1\fsav.exe [2007-11-01 14:42] . - - - - ORPHANS REMOVED - - - - BHO-{3b2b6430-1eb5-4188-80d7-484dc65fa924} - C:\WINDOWS\system32\diqowhhc.dll HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe HKLM-Run-PWRISOVM.EXE - C:\Documents and Settings\Sirkka\Työpöytä\PowerISO\PWRISOVM.EXE HKLM-Run-AdVantage Setup - H:\BSplayer\AdVantageSetup.exe HKLM-Run-BM7fc7938f - C:\WINDOWS\system32\vtbyclsy.dll HKLM-Run-MSDisp32 - C:\WINDOWS\system32\drvgux.dll HKLM-Run-Windows UDP Control - winudspm.exe Notify-iifebCtQ - iifebCtQ.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Sirkka\Application Data\Mozilla\Firefox\Profiles\r8hi25a1.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - kuukle.fi FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 09:32:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\winkve32.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection\Common\FSMA32.EXE C:\Program Files\PC Protection\Anti-Virus\fsgk32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PC Protection\Common\FSMB32.EXE C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\PC Protection\Common\FCH32.EXE C:\Program Files\PC Protection\Common\FAMEH32.EXE C:\Program Files\PC Protection\Anti-Virus\fsqh.exe C:\Program Files\PC Protection\FSPC\fspc.exe C:\Program Files\PC Protection\FSAUA\program\fsaua.exe C:\Program Files\PC Protection\FWES\program\fsdfwd.exe C:\Program Files\PC Protection\Anti-Virus\fssm32.exe C:\Program Files\PC Protection\FSAUA\program\fsus.exe C:\Program Files\PC Protection\Anti-Virus\fsav32.exe C:\PROGRA~1\PCPROT~1\Common\FSM32.EXE C:\Program Files\PC Protection\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe . ************************************************************************** . Completion time: 2008-08-13 10:06:47 - machine was rebooted [Sirkka] ComboFix-quarantined-files.txt 2008-08-13 07:05:23 ComboFix2.txt 2008-06-05 18:12:00 Pre-Run: 3,785,699,328 tavua vapaana Post-Run: 4,537,847,808 tavua vapaana 546 --- E O F --- 2008-07-10 06:00:54
Hijackthis ohje. Eli tuon ohjeen mukaan pistä tänne hijackthis loki. Lataa Malwarebytes' Anti-Malware työpöydällesi. * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. * Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta. * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. * Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista. * Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset. * Varmistu, että kaikki on merkitty ja klikkaa Poista valitut. * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt * Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:33, on 13.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Protection\Common\FSM32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\rhcvbgj0e9fv\rhcvbgj0e9fv.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\pphcrbgj0e9fv.exe C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection\Common\FSMA32.EXE C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PC Protection\Common\FSMB32.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PC Protection\Common\FCH32.EXE C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Protection\Common\FAMEH32.EXE C:\Program Files\PC Protection\Anti-Virus\fsqh.exe C:\Program Files\PC Protection\FSPC\fspc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\PC Protection\FSAUA\program\fsaua.exe C:\Program Files\PC Protection\FSGUI\fsguidll.exe C:\Program Files\PC Protection\Anti-Virus\fssm32.exe C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Protection\FSAUA\program\fsus.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\PC Protection\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v2.1-delta.exe c:\82a4add97d4d9ad489bd8f\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: LogicFunctions module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Application Data\services\services.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [lphcrbgj0e9fv] C:\WINDOWS\system32\lphcrbgj0e9fv.exe O4 - HKLM\..\Run: [SMrhcvbgj0e9fv] C:\Program Files\rhcvbgj0e9fv\rhcvbgj0e9fv.exe O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcod.dll,startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Help.lnk = C:\Program Files\Postal2\Help.htm O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Lataa FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_link.htm O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_all.htm O8 - Extra context menu item: &Search - ?p=ZCfox000 O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing) -- End of file - 11478 bytes
tässä tämä malwarebytes Malwarebytes' Anti-Malware 1.24 Tietokantaversio: 1048 Windows 5.1.2600 Service Pack 2 20:05:39 13.8.2008 mbam-log-8-13-2008 (20-05-39).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|) Tarkistetut kohteet: 119662 Kulunut aika: 2 hour(s), 24 minute(s), 51 second(s) Saastuneita muistiprosesseja: 3 Saastuneita muistimoduuleja: 7 Saastuneita rekisteriavaimia: 24 Saastuneita rekisteriarvoja: 7 Saastuneita rekisterikohteita: 2 Saastuneita hakemistoja: 18 Saastuneita tiedostoja: 42 Saastuneita muistiprosesseja: C:\Program Files\rhcvbgj0e9fv\rhcvbgj0e9fv.exe (Rogue.Multiple) -> Unloaded process successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Unloaded process successfully. C:\WINDOWS\system32\pphcrbgj0e9fv.exe (Trojan.FakeAlert) -> Unloaded process successfully. Saastuneita muistimoduuleja: C:\WINDOWS\system32\drvcod.dll (Trojan.Fakealert) -> Delete on reboot. C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot. C:\Program Files\rhcvbgj0e9fv\MFC71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhcvbgj0e9fv\msvcp71.dll (Rogue.Multiple) -> Delete on reboot. C:\Program Files\rhcvbgj0e9fv\msvcr71.dll (Rogue.Multiple) -> Delete on reboot. Saastuneita rekisteriavaimia: HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\logicfunctions.logicfunctions (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\logicfunctions.logicfunctions.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvbgj0e9fv (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhcvbgj0e9fv (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkve32 (Dialer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\LogicFunctions (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdisp32 (Trojan.Fakealert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcvbgj0e9fv (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrbgj0e9fv (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Saastuneita hakemistoja: C:\Program Files\rhcvbgj0e9fv (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\rhcvbgj0e9fv\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. Saastuneita tiedostoja: C:\WINDOWS\system32\drvcod.dll (Trojan.Fakealert) -> Delete on reboot. C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot. C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\dci.0xe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\dciz.0xe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F119F07B-E1E8-40BD-A01E-F98F9CE36A03}\RP280\A0550824.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\winudspm.0xe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drvgux.0ll (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\gos13C.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\ataljooa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\gevmwang.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\hpbxnfpq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\hwmtjaxc.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\iehxqdec.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\vpfeoucj.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\wfaerifq.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\xbbcmovb.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\rhcvbgj0e9fv.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\rhcvbgj0e9fv.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcvbgj0e9fv\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080813105845203.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080813110443890.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080813171209828.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winkve32.dll (Dialer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Työpöytä\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\blphcrbgj0e9fv.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lphcrbgj0e9fv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcrbgj0e9fv.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pphcrbgj0e9fv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Sirkka\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
no nyt se lähti! todella paljo kiitoksia! 10 pistettä ja virtuaalikeksi sinulle tässä kuitenkin se loki vielä kun pyysit Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:18:52, on 13.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Protection\Common\FSM32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe C:\Program Files\PC Protection\Common\FSMA32.EXE C:\Program Files\PC Protection\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PC Protection\Common\FSMB32.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PC Protection\Common\FCH32.EXE C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Protection\Common\FAMEH32.EXE C:\Program Files\PC Protection\Anti-Virus\fsqh.exe C:\Program Files\PC Protection\FSPC\fspc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\PC Protection\FSAUA\program\fsaua.exe C:\Program Files\PC Protection\Anti-Virus\fssm32.exe C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe C:\Program Files\PC Protection\FSGUI\fsguidll.exe C:\Program Files\PC Protection\FSAUA\program\fsus.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Protection\Anti-Virus\fsav32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Protection\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Help.lnk = C:\Program Files\Postal2\Help.htm O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Lataa FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_link.htm O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Documents and Settings\Sirkka\Työpöytä\Sälää\Flashget\jc_all.htm O8 - Extra context menu item: &Search - ?p=ZCfox000 O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Sirkka\Työpöytä\Sälää\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222 O17 - HKLM\System\CS1\Services\Tcpip\..\{23098351-E36E-41E5-9A04-485F15E6C60B}: NameServer = 212.116.32.218 212.116.32.222 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing) -- End of file - 10034 bytes
Fixaa seuraavat rivit Hijackthis:llä R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) Päivitetään viellä java vieraile myös http://windowsupdate.microsoft.com/ sivostolla jonka avulla voit päivittää windowsiisi uusimmat päivitykset. Javan päivitys ja välimuistin tyhjennys: 1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa. (Windows Vista: Käynnistä -> [kirjoita hakukenttään] Ohjelmat ja toiminnot ja Enter) 2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... ) Niissä pitäisi olla seuraava kuva vieressä: 3. Valitse kaikki entiset Java versiosi ja valitse Poista. 4. Asenna uusin Java päivitys seuraavasta linkistä.. http://java.sun.com/javase/downloads/index.jsp Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 7 Paina Download Valitse Platform -kohtaan käyttöjärjestelmäsi Windows. Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement. Paina Continue. Paina Windows Offline Installation:in alapuolelta jre-6u7-windows-i586-p.exe. Tallenna tiedosto vaikka työpöydälle ja asenna se. 5. Käynnistä kone uudelleen asennuksen jälkeen. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja: Applications and Applets Trace and Log Files Ja paina OK -nappia Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically Valitse Never check 11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.
