So F-Secure found 3 viruses, but I have no idea how to get them off the computer. Could someone wiser here explain, as clearly as possible for a simple basic computer user, how to get rid of the viruses?

Tulos: 3 haittaohjelmaa löytyi
Trojan.Java.ClassLoader.as (virus)
* C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65\BnnnnBaa.class
* C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65\VaannnaaBaa.class
* C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65\Bnnnnn.class

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:10, on 21.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC Protection Plus\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207856991359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9555 bytes
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
The program reported that no malicious items were found.

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 665
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 216625
Kulunut aika: 2 hour(s), 17 minute(s), 34 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
Go to the Control Panel, open Java, click Settings, then click Delete Files. A small window opens; check that these two items are ticked:
* Applications and Applets
* Trace and Log Files
Then click the OK button. Click OK in the "Temporary Files Settings" window. Click OK to leave the Java settings window.
1. Download combofix.exe to your desktop from one of the links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
===============
Download SDFix by AndyManchesta and save it to your desktop.
Start your computer in Safe Mode: shut down and start up; during startup, tap the F8 key repeatedly; select Safe Mode with the arrow keys; press Enter and Enter; select your user account; click Yes. On some computers you tap F5 instead of F8.
* Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning has been done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread together with a new HijackThis log.
ComboFix 08-04-20.5 - Milla 2008-04-22 15:23:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.491 [GMT 3:00]
Running from: C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hannu\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-22 to 2008-04-22 )))))))))))))))))
.

2008-04-22 15:23 . 2008-04-22 15:23 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-04-21 17:36 . 2008-04-21 17:36 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 17:36 . 2008-04-21 17:36 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Malwarebytes
2008-04-21 17:36 . 2008-04-21 17:36 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-21 17:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 18:07 . 2008-04-20 18:07 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-20 13:27 . 2008-04-20 13:27 <KANSIO> d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\PC Suite
2008-04-19 18:19 . 2008-04-19 18:19 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Nokia Multimedia Player
2008-04-19 17:58 . 2008-04-19 17:58 39,565 --a------ C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\NMM-MetaData.db
2008-04-19 17:47 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-19 17:47 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-19 17:47 . 2008-04-19 17:47 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-19 17:47 . 2008-04-19 17:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-19 17:45 . 2008-04-19 17:47 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\PC Suite
2008-04-19 17:45 . 2008-04-19 17:47 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-19 17:44 . 2008-04-19 17:58 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Nokia
2008-04-19 17:43 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-19 17:42 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-19 17:42 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-19 17:42 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-19 17:42 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-19 17:42 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-19 17:41 . 2008-04-19 17:41 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-14 10:33 . 2008-04-14 10:33 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Creative
2008-04-14 01:51 . 2008-04-14 01:51 <KANSIO> d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\F-Secure
2008-04-14 01:48 . 2008-04-16 15:15 <KANSIO> dr------- C:\Documents and Settings\Kirsi ja Hannu\Omat tiedostot
2008-04-14 01:47 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Kirsi ja Hannu\Verkkoympäristö
2008-04-14 01:47 . 2008-04-10 21:32 <KANSIO> d-------- C:\Documents and Settings\Kirsi ja Hannu\Työpöytä
2008-04-14 01:47 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Kirsi ja Hannu\Tulostinympäristö
2008-04-14 01:47 . 2008-04-14 01:48 <KANSIO> dr------- C:\Documents and Settings\Kirsi ja Hannu\Suosikit
2008-04-14 01:47 . 2008-04-10 21:28 <KANSIO> d--h----- C:\Documents and Settings\Kirsi ja Hannu\Mallit
2008-04-14 01:47 . 2008-04-11 00:22 <KANSIO> dr------- C:\Documents and Settings\Kirsi ja Hannu\Käynnistä-valikko
2008-04-14 01:47 . 2008-04-20 05:32 <KANSIO> d-------- C:\Documents and Settings\Kirsi ja Hannu
2008-04-14 01:47 . 2008-04-22 15:35 1,024 --ah----- C:\Documents and Settings\Kirsi ja Hannu\ntuser.dat.LOG
2008-04-12 18:18 . 2005-02-26 08:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-12 15:22 . 2004-09-15 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-12 11:23 . 2008-04-22 12:36 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\LimeWire
2008-04-11 19:40 . 2008-04-11 19:40 <KANSIO> d-------- C:\WINDOWS\OEM
2008-04-11 16:30 . 2008-04-11 16:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 16:11 . 2008-04-11 16:20 <KANSIO> d-------- C:\Documents and Settings\Miia.RUMBIN-7CCF45A5
2008-04-11 12:33 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 12:33 . 2007-07-01 06:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 12:33 . 2007-07-01 06:36 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 12:33 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 12:33 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 12:33 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 12:33 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 12:33 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 12:33 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-11 10:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 10:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-11 10:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 00:26 . 2004-09-14 19:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-11 00:26 . 2001-08-18 00:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-11 00:26 . 2001-08-18 00:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-04-11 00:25 . 2004-09-14 19:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-11 00:25 . 2004-09-14 19:06 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Verkkoympäristö
2008-04-11 00:22 . 2008-04-10 21:32 <KANSIO> d-------- C:\Documents and Settings\Default User.WINDOWS\Työpöytä
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Tulostinympäristö
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> d-------- C:\Documents and Settings\Default User.WINDOWS\Suosikit
2008-04-11 00:22 . 2008-04-10 21:28 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Mallit
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> dr------- C:\Documents and Settings\Default User.WINDOWS\Käynnistä-valikko
2008-04-11 00:22 . 2008-04-21 17:36 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Työpöytä
2008-04-11 00:22 . 2008-04-12 18:36 <KANSIO> dr------- C:\Documents and Settings\All Users.WINDOWS\Tiedostot
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Suosikit
2008-04-11 00:22 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\All Users.WINDOWS\Mallit
2008-04-11 00:22 . 2008-04-10 21:58 <KANSIO> dr------- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko
2008-04-11 00:21 . 2008-04-22 15:23 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-04-11 00:21 . 2008-04-10 21:30 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-04-11 00:20 . 2008-04-10 21:35 237 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-04-11 00:00 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-04-10 23:59 . 1998-07-09 20:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-04-10 23:59 . 1998-03-04 11:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2008-04-10 23:58 . 2008-04-10 23:58 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\InstallShield
2008-04-10 23:57 . 2008-04-10 23:57 <KANSIO> d-------- C:\Program Files\Xvid
2008-04-10 23:57 . 2006-11-01 15:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-10 23:57 . 2006-11-01 15:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-10 23:57 . 2006-11-01 16:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-10 23:43 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-04-10 23:40 . 2006-04-01 18:16 162,176 -ra------ C:\WINDOWS\system32\drivers\V0260Vid.sys
2008-04-10 23:39 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-10 23:07 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-10 23:01 . 2008-04-10 23:42 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Contacts
2008-04-10 22:54 . 2008-04-10 22:54 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-10 22:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-10 22:52 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-10 22:52 . 2007-07-30 19:18 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-10 22:52 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-10 22:52 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-10 22:36 . 2008-04-10 22:36 <KANSIO> d--hs---- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\UserData
2008-04-10 22:28 . 2008-04-20 22:51 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\F-Secure
2008-04-10 22:20 . 2008-04-10 22:38 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-10 22:20 . 2008-04-10 22:38 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-10 22:19 . 2008-04-11 10:30 <KANSIO> d-------- C:\Program Files\PC Protection Plus
2008-04-10 22:19 . 2008-04-10 22:19 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2008-04-10 22:18 . 2008-04-10 22:18 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
2008-04-10 22:12 . 2008-04-10 22:12 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-04-10 22:00 . 2005-06-30 09:27 100,992 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-04-10 21:57 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-10 21:57 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-10 21:57 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-10 21:57 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-10 21:57 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-10 21:57 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-10 21:56 . 2008-04-10 21:56 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-04-10 21:56 . 2008-04-10 21:56 1,024 --a------ C:\.rnd
2008-04-10 21:56 . 2008-04-10 21:56 22 --a------ C:\WINDOWS\FileName
2008-04-10 21:54 . 2005-09-28 11:10 16,359,522 -ra------ C:\WINDOWS\0.swf
2008-04-10 21:54 . 2005-04-12 16:45 656,896 -ra------ C:\WINDOWS\fsc-scr.scr
2008-04-10 21:54 . 2005-09-28 11:14 180 -ra------ C:\WINDOWS\Option.ini
2008-04-10 21:51 . 2006-06-14 12:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-10 21:51 . 2006-06-14 12:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-04-10 21:51 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-10 21:51 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-04-10 21:51 . 2008-04-10 21:51 16,151 --a------ C:\WINDOWS\wizard.log_20080410_22_01_34
2008-04-10 21:51 . 2006-06-14 11:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-10 21:51 . 2006-06-14 11:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-04-10 21:49 . 2005-06-30 09:27 283,136 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2008-04-10 21:48 . 2005-11-22 16:38 18,776,064 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-04-10 21:40 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Verkkoympäristö
2008-04-10 21:40 . 2008-04-22 15:09 <KANSIO> d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä
2008-04-10 21:40 . 2008-04-11 00:22 <KANSIO> d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Tulostinympäristö
2008-04-10 21:40 . 2008-04-11 15:11 <KANSIO> dr------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Suosikit
2008-04-10 21:40 . 2008-04-17 15:30 <KANSIO> dr------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Omat tiedostot
.

(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-21 14:00 --------- d-----w C:\Program Files\Java
2008-04-19 14:43 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-19 14:43 --------- d-----w C:\Program Files\DIFX
2008-04-17 16:55 --------- d-----w C:\Program Files\EA GAMES
2008-04-12 14:18 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-12 10:58 --------- d-----w C:\Program Files\LimeWire
2008-04-10 20:04 --------- d-----w C:\Program Files\Google
2008-04-10 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 18:57 --------- d-----w C:\Program Files\InterVideo
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 21:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-18 12:44 --------- d-----w C:\Program Files\Morpheus
2008-03-18 08:10 --------- d-----w C:\Program Files\PC Protection
2008-03-06 08:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-03-01 19:15 --------- d-----w C:\Documents and Settings\Hannu\Application Data\Winamp
2008-03-01 19:06 --------- d--h--r C:\Documents and Settings\Hannu\Application Data\SecuROM
2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 22:47 --------- d-----w C:\Program Files\Windows Live
2008-02-25 09:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-23 22:24 --------- d-----w C:\Program Files\SopCast
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 08:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-30 18:10 68856]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 13:00 299008]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-01 15:02 7311360]
"nwiz"="nwiz.exe" [2005-12-01 15:02 1519616 C:\WINDOWS\system32\nwiz.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-18 17:08 270336]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 16:07 90112 C:\WINDOWS\SOUNDMAN.EXE]
"F-Secure Manager"="C:\Program Files\PC Protection Plus\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-10 22:38]
R0 nvata;nvata;C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 18:52]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Protection Plus\HIPS\fshs.sys [2008-04-10 22:35]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM);C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-07-18 17:06]
R2 ForcewareWebInterface;Forceware Web Interface;"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice []
R2 FSMA;F-Secure Management Agent;"C:\Program Files\PC Protection Plus\Common\FSMA32.EXE" [2007-04-26 20:12]
R2 nSvcIp;ForceWare IP service;C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-07-18 17:03]
R2 nSvcLog;ForceWare user log service;C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-07-18 17:03]
R2 NVSvc;NVIDIA Display Driver Service;C:\WINDOWS\system32\nvsvc32.exe [2005-12-01 15:02]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Protection Plus\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
R3 FSAUA;F-Secure Automatic Update Agent;"C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe" [2007-04-26 20:05]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon;"C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe" [2007-04-26 20:09]
R3 ServiceLayer;ServiceLayer;"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [2008-04-07 09:17]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 18:16]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 23:10]
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 10:39]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 23:10]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 usbser;USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 23:08]
S3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 07:22]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Protection Plus\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Protection Plus\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-22 09:24:07 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\PCPROT~2\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCPROT~2\ANTI-V~1\report.txt
"2008-04-22 12:31:03 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 15:36:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 3

**************************************************************************
.
Completion time: 2008-04-22 15:37:58
ComboFix-quarantined-files.txt 2008-04-22 12:37:54

Pre-Run: 197,701,877,760 tavua vapaana
Post-Run: 198,870,233,088 tavua vapaana

243 --- E O F --- 2008-04-13 16:27:25
Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-22 16:57:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 3 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\MILLA~2.RUM\TYPYT~1\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Sun 27 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 23 Feb 2008 196 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti72.tmp" Fri 16 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Sat 12 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp" Fri 11 Apr 2008 14,736,928 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b7e6c7771d289926881287eb0ecc2a85\BITA9.tmp" Sun 27 Aug 2006 4,348 ...H. --- "C:\Documents and Settings\Milla\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1key.bak" Wed 10 Jan 2007 20 A..H. --- "C:\Documents and Settings\Milla\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv1lic.bak" Sun 27 Aug 2006 400 A.SH. --- "C:\Documents and Settings\Milla\Omat tiedostot\Omat musiikkitiedostot\Käyttöoikeuden varmuuskopio\drmv2key.bak" Finished!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:06:34, on 22.4.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE C:\Program Files\PC Protection Plus\Common\FSMA32.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\PC Protection Plus\Common\FSMB32.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\PC Protection Plus\Common\FCH32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe C:\Program Files\PC Protection Plus\FSPC\fspc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207856991359 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure 
Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9550 bytes
F-Secure still says that the same three viruses are on the computer.
Download Deckard's System Scanner to your Desktop. Note: You must have Administrator rights to run the program.
- Close all open windows and programs.
- Double-click the Dss.exe file to run the program, and follow the instructions.
- When the scan is finished, 2 text files should open, Main.txt and extra.txt.
- Press Copy (CTRL+A -> CTRL+C) and Paste (CTRL+V).
- Copy and paste the contents of main.txt and extra.txt into your next reply.
Deckard's System Scanner v20071014.68 Run by Milla on 2008-04-22 17:29:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 11: 2008-04-22 14:29:08 UTC - RP48 - Deckard's System Scanner Restore Point 10: 2008-04-22 12:22:56 UTC - RP47 - ComboFix created restore point 9: 2008-04-21 13:57:41 UTC - RP46 - Installed Java(TM) 6 Update 5 8: 2008-04-21 13:45:46 UTC - RP45 - Removed Java(TM) 6 Update 5 7: 2008-04-21 13:43:38 UTC - RP44 - Removed Java(TM) 6 Update 4 -- First Restore Point -- 1: 2008-04-20 08:39:35 UTC - RP38 - Järjestelmän tarkistuspiste Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Milla.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:29:33, on 22.4.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE C:\Program Files\PC Protection Plus\Common\FSMA32.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\PC Protection Plus\Common\FSMB32.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\PC Protection Plus\Common\FCH32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program 
Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe C:\Program Files\PC Protection Plus\FSPC\fspc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Milla.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" 
/background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... 
- {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207856991359 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe 
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9498 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield> R1 F-Secure HIPS - c:\program files\pc protection plus\hips\fshs.sys R3 catchme - c:\docume~1\milla~2.rum\locals~1\temp\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module> R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server> R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp> R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog> R3 
ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia 6080 Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia 6080 PNP Device ID: ROOT\WPD\0000 Service: WUDFRd -- Scheduled Tasks ------------------------------------------------------------- 2008-04-22 15:31:03 254 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job 2008-04-22 12:24:07 550 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job -- Files created between 2008-03-22 and 2008-04-22 ----------------------------- 2008-04-22 16:33:09 0 d-------- C:\WINDOWS\ERUNT 2008-04-22 16:29:23 0 d-------- C:\WINDOWS\pss 2008-04-22 15:12:04 68096 --a------ C:\WINDOWS\zip.exe 2008-04-22 15:12:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-04-22 15:12:03 98816 --a------ C:\WINDOWS\sed.exe 2008-04-22 15:12:03 80412 --a------ C:\WINDOWS\grep.exe 2008-04-22 15:12:02 49152 --a------ C:\WINDOWS\VFind.exe 2008-04-22 15:12:02 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-04-22 15:12:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-04-22 15:12:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-04-21 17:36:27 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Malwarebytes 2008-04-21 17:36:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-04-21 17:36:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-20 18:07:48 0 d-------- C:\Program Files\Trend Micro 2008-04-20 14:13:34 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Sun 2008-04-20 13:27:52 0 d-------- C:\Documents 
and Settings\Kirsi ja Hannu\Application Data\PC Suite 2008-04-19 18:19:28 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Nokia Multimedia Player 2008-04-19 17:45:34 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\PC Suite 2008-04-19 17:45:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite 2008-04-19 17:44:31 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Nokia 2008-04-19 17:41:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations 2008-04-14 10:33:02 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Creative 2008-04-14 02:02:30 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Macromedia 2008-04-14 02:02:30 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Adobe 2008-04-14 02:00:02 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Mozilla 2008-04-14 01:54:09 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Google 2008-04-14 01:51:39 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\F-Secure 2008-04-14 01:48:08 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Identities 2008-04-14 01:48:02 0 dr------- C:\Documents and Settings\Kirsi ja Hannu\Omat tiedostot 2008-04-14 01:47:56 0 d--hs---- C:\Documents and Settings\Kirsi ja Hannu\Cookies 2008-04-14 01:47:56 0 dr-h----- C:\Documents and Settings\Kirsi ja Hannu\Application Data 2008-04-14 01:47:56 0 d---s---- C:\Documents and Settings\Kirsi ja Hannu\Application Data\Microsoft 2008-04-14 01:47:55 0 d--h----- C:\Documents and Settings\Kirsi ja Hannu\Verkkoympäristö 2008-04-14 01:47:55 0 d-------- C:\Documents and Settings\Kirsi ja Hannu\Työpöytä 2008-04-14 01:47:55 0 d--h----- C:\Documents and Settings\Kirsi ja Hannu\Tulostinympäristö 2008-04-14 01:47:55 0 dr------- C:\Documents and Settings\Kirsi ja Hannu\Suosikit 
2008-04-14 01:47:55 0 dr-h----- C:\Documents and Settings\Kirsi ja Hannu\SendTo 2008-04-14 01:47:55 0 dr-h----- C:\Documents and Settings\Kirsi ja Hannu\Recent 2008-04-14 01:47:55 1310720 --ah----- C:\Documents and Settings\Kirsi ja Hannu\NTUSER.DAT 2008-04-14 01:47:55 0 d--h----- C:\Documents and Settings\Kirsi ja Hannu\Mallit 2008-04-14 01:47:55 0 d--h----- C:\Documents and Settings\Kirsi ja Hannu\Local Settings 2008-04-14 01:47:55 0 dr------- C:\Documents and Settings\Kirsi ja Hannu\Käynnistä-valikko 2008-04-12 18:18:28 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6> 2008-04-12 15:19:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage 2008-04-12 11:23:53 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\LimeWire 2008-04-12 10:29:17 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Adobe 2008-04-12 10:22:19 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Mozilla 2008-04-11 19:40:47 0 d-------- C:\WINDOWS\OEM 2008-04-11 16:30:35 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-11 00:22:11 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Verkkoympäristö 2008-04-11 00:22:11 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Työpöytä 2008-04-11 00:22:11 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Tulostinympäristö 2008-04-11 00:22:11 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Suosikit 2008-04-11 00:22:11 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo 2008-04-11 00:22:11 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent 2008-04-11 00:22:11 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Mallit 2008-04-11 00:22:11 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings 2008-04-11 00:22:11 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Käynnistä-valikko 2008-04-11 00:22:11 0 d---s---- 
C:\Documents and Settings\Default User.WINDOWS\Cookies 2008-04-11 00:22:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Työpöytä 2008-04-11 00:22:11 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Tiedostot 2008-04-11 00:22:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Suosikit 2008-04-11 00:22:11 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Mallit 2008-04-11 00:22:11 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko 2008-04-11 00:21:55 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data 2008-04-11 00:21:55 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft 2008-04-11 00:21:54 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data 2008-04-11 00:21:54 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2008-04-11 00:00:47 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application> 2008-04-10 23:59:32 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg> 2008-04-10 23:59:23 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. 
skbase> 2008-04-10 23:58:43 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\InstallShield 2008-04-10 23:57:59 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-04-10 23:57:57 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-04-10 23:57:57 0 d-------- C:\Program Files\Xvid 2008-04-10 23:41:55 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System> 2008-04-10 23:39:27 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-04-10 23:04:49 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Google 2008-04-10 23:04:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google 2008-04-10 23:01:50 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Contacts 2008-04-10 22:54:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-04-10 22:36:36 0 d--hs---- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\UserData 2008-04-10 22:28:52 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\F-Secure 2008-04-10 22:20:01 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield> 2008-04-10 22:20:01 51072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield> 2008-04-10 22:19:05 0 d-------- C:\Program Files\PC Protection Plus 2008-04-10 22:19:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure 2008-04-10 22:18:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg 2008-04-10 22:12:34 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles 2008-04-10 22:03:31 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Macromedia 2008-04-10 21:59:06 0 d-------- C:\Documents and 
Settings\All Users.WINDOWS\Application Data\Adobe 2008-04-10 21:57:19 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll 2008-04-10 21:57:19 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll 2008-04-10 21:57:19 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll 2008-04-10 21:57:19 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll 2008-04-10 21:57:19 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll 2008-04-10 21:57:19 20480 --a------ C:\WINDOWS\system32\IVIresize.dll 2008-04-10 21:56:14 22 --a------ C:\WINDOWS\FileName 2008-04-10 21:56:06 0 d-------- C:\Program Files\NVIDIA Corporation 2008-04-10 21:54:45 656896 -ra------ C:\WINDOWS\fsc-scr.scr <Not Verified; Neoaspire.com; Flash 2 Screensaver> 2008-04-10 21:40:28 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Identities 2008-04-10 21:40:23 0 dr------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Omat tiedostot 2008-04-10 21:40:20 0 d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Verkkoympäristö 2008-04-10 21:40:20 0 d-------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä 2008-04-10 21:40:20 0 d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Tulostinympäristö 2008-04-10 21:40:20 0 dr------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Suosikit 2008-04-10 21:40:20 0 dr-h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\SendTo 2008-04-10 21:40:20 0 dr-h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Recent 2008-04-10 21:40:20 2359296 --ah----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\NTUSER.DAT 2008-04-10 21:40:20 0 d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Mallit 2008-04-10 21:40:20 0 d--h----- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Local Settings 2008-04-10 21:40:20 0 dr------- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Käynnistä-valikko 2008-04-10 21:40:20 0 d--hs---- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Cookies 2008-04-10 21:40:20 0 d--h----- C:\Documents and 
Settings\Milla.RUMBIN-7CCF45A5\Application Data 2008-04-10 21:36:43 229376 --ah----- C:\Documents and Settings\LocalService.NT-HALLINTA.000\NTUSER.DAT 2008-04-10 21:36:43 0 d--h----- C:\Documents and Settings\LocalService.NT-HALLINTA.000\Local Settings 2008-04-10 21:36:43 0 d--hs---- C:\Documents and Settings\LocalService.NT-HALLINTA.000\Cookies 2008-04-10 21:36:43 0 d-------- C:\Documents and Settings\LocalService.NT-HALLINTA.000\Application Data 2008-04-10 21:36:43 0 d---s---- C:\Documents and Settings\LocalService.NT-HALLINTA.000\Application Data\Microsoft 2008-04-10 21:36:15 229376 --ah----- C:\Documents and Settings\NetworkService.NT-HALLINTA.000\NTUSER.DAT 2008-04-10 21:36:15 0 d--h----- C:\Documents and Settings\NetworkService.NT-HALLINTA.000\Local Settings 2008-04-10 21:36:15 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA.000\Cookies 2008-04-10 21:36:15 0 d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA.000\Application Data 2008-04-10 21:36:15 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA.000\Application Data\Microsoft 2008-04-10 21:32:43 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT 2008-04-10 21:30:14 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM 2008-04-10 21:28:50 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-10 20:06:47 0 d-------- C:\Documents and Settings\Milla.RUMBIN\Application Data\Identities 2008-04-10 20:06:31 0 dr------- C:\Documents and Settings\Milla.RUMBIN\Omat tiedostot 2008-04-10 20:06:27 0 d--h----- C:\Documents and Settings\Milla.RUMBIN\Verkkoympäristö 2008-04-10 20:06:27 0 d-------- C:\Documents and Settings\Milla.RUMBIN\Työpöytä 2008-04-10 20:06:27 0 d--h----- C:\Documents and Settings\Milla.RUMBIN\Tulostinympäristö 2008-04-10 20:06:27 0 dr------- C:\Documents and Settings\Milla.RUMBIN\Suosikit 2008-04-10 20:06:27 0 dr-h----- C:\Documents and Settings\Milla.RUMBIN\SendTo 2008-04-10 20:06:27 0 dr-h----- C:\Documents and 
Settings\Milla.RUMBIN\Recent 2008-04-10 20:06:27 786432 --ah----- C:\Documents and Settings\Milla.RUMBIN\NTUSER.DAT 2008-04-10 20:06:27 0 d--h----- C:\Documents and Settings\Milla.RUMBIN\Mallit 2008-04-10 20:06:27 0 d--h----- C:\Documents and Settings\Milla.RUMBIN\Local Settings 2008-04-10 20:06:27 0 dr------- C:\Documents and Settings\Milla.RUMBIN\Käynnistä-valikko 2008-04-10 20:06:27 0 d---s---- C:\Documents and Settings\Milla.RUMBIN\Cookies 2008-04-10 20:06:27 0 dr-h----- C:\Documents and Settings\Milla.RUMBIN\Application Data 2008-04-10 20:06:27 0 d---s---- C:\Documents and Settings\Milla.RUMBIN\Application Data\Microsoft 2008-04-10 20:04:17 233472 --ah----- C:\Documents and Settings\LocalService.NT-HALLINTA\NTUSER.DAT 2008-04-10 20:04:17 0 d--h----- C:\Documents and Settings\LocalService.NT-HALLINTA\Local Settings 2008-04-10 20:04:17 0 d---s---- C:\Documents and Settings\LocalService.NT-HALLINTA\Cookies 2008-04-10 20:04:17 0 d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Application Data 2008-04-10 20:04:17 0 d---s---- C:\Documents and Settings\LocalService.NT-HALLINTA\Application Data\Microsoft 2008-04-10 20:03:54 233472 --ah----- C:\Documents and Settings\NetworkService.NT-HALLINTA\NTUSER.DAT 2008-04-10 20:03:54 0 d--h----- C:\Documents and Settings\NetworkService.NT-HALLINTA\Local Settings 2008-04-10 20:03:54 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA\Cookies 2008-04-10 20:03:54 0 d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data 2008-04-10 20:03:54 0 d---s---- C:\Documents and Settings\NetworkService.NT-HALLINTA\Application Data\Microsoft 2008-04-10 19:58:00 0 d-------- C:\WINDOWS\fsc 2008-04-10 19:57:56 0 d-------- C:\AddOn -- Find3M Report --------------------------------------------------------------- 2008-04-22 16:56:57 388270 --a------ C:\WINDOWS\system32\perfh00B.dat 2008-04-22 16:56:57 80612 --a------ C:\WINDOWS\system32\perfc00B.dat 2008-04-21 17:00:42 0 d-------- C:\Program 
Files\Java 2008-04-19 17:58:09 39565 --a------ C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\NMM-MetaData.db 2008-04-19 17:43:15 0 d-------- C:\Program Files\DIFX 2008-04-19 17:43:06 0 d-------- C:\Program Files\PC Connectivity Solution 2008-04-17 19:55:46 0 d-------- C:\Program Files\EA GAMES 2008-04-12 17:18:54 0 d-------- C:\Program Files\Windows Live Safety Center 2008-04-12 13:58:12 0 d-------- C:\Program Files\LimeWire 2008-04-11 15:28:28 0 d-------- C:\Program Files\Messenger 2008-04-11 00:22:11 62 --ahs---- C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\desktop.ini 2008-04-10 23:04:40 0 d-------- C:\Program Files\Google 2008-04-10 21:57:15 0 d-------- C:\Program Files\InterVideo 2008-04-10 21:57:14 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-18 16:25:07 0 d-------- C:\Program Files\Common Files 2008-03-18 15:44:51 0 d-------- C:\Program Files\Morpheus 2008-03-18 11:10:35 0 d-------- C:\Program Files\PC Protection 2008-02-28 01:47:22 0 d-------- C:\Program Files\Windows Live 2008-02-25 12:49:22 0 d-------- C:\Program Files\Common Files\Adobe 2008-02-24 01:24:31 0 d-------- C:\Program Files\SopCast 2008-02-01 11:17:36 586752 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Liven valokuvavalikoima> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01.12.2005 15:02] "nwiz"="nwiz.exe" [01.12.2005 15:02 C:\WINDOWS\system32\nwiz.exe] "nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [18.07.2005 17:08] "SoundMan"="SOUNDMAN.EXE" [11.11.2005 16:07 C:\WINDOWS\SOUNDMAN.EXE] "F-Secure Manager"="C:\Program Files\PC Protection Plus\Common\FSM32.exe" [26.04.2007 20:12] "F-Secure TNB"="C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" 
[26.04.2007 20:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30.01.2008 18:10] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [27.10.2005 13:00] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26.03.2008 18:41] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28.03.2008 11:20] C:\Documents and Settings\All Users.WINDOWS\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 22:05:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) -- End of Deckard's System Scanner: finished at 2008-04-22 17:30:48 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. 
-------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: AMD Sempron(tm) Processor 3200+ Percentage of Memory in Use: 48% Physical Memory (total/avail): 1023.48 MiB / 528.81 MiB Pagefile Memory (total/avail): 2461.99 MiB / 2007.91 MiB Virtual Memory (total/avail): 2047.88 MiB / 1872.56 MiB C: is Fixed (NTFS) - 232.88 GiB total, 188.92 GiB free. D: is CDROM (No Media) E: is Removable (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 1 partition \PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 232.88 GiB - C: \\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device \\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. 
FW: F-Secure PC Protection Plus 7.00 v7.00 (F-Secure Corporation) FW: NVIDIA Firewall v1.0 (NVIDIA Corporation) AV: F-Secure PC Protection Plus 7.00 v7.00 (F-Secure Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" -- Environment Variables 
------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS APPDATA=C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=RUMBIN-7CCF45A5 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Milla.RUMBIN-7CCF45A5 LOGONSERVER=\\RUMBIN-7CCF45A5 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2f02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MILLA~2.RUM\LOCALS~1\Temp TMP=C:\DOCUME~1\MILLA~2.RUM\LOCALS~1\Temp USERDOMAIN=RUMBIN-7CCF45A5 USERNAME=Milla USERPROFILE=C:\Documents and Settings\Milla.RUMBIN-7CCF45A5 windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Milla.RUMBIN-7CCF45A5 (admin) Miia.RUMBIN-7CCF45A5 (admin) Kirsi ja Hannu -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" 
--> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" --> "C:\Program Files\PC Protection Plus\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.5 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70500000002} Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{B01DC672-EA23-4FF8-BA22-F622AAF00EAD} Creative Live! Cam Vista IM Driver (1.00.07.0401) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl Creative Live! Cam Vista IM User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Vista IM\Creative Live! 
Cam Vista IM User's Guide\English\CTManual.isu" Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove F-Secure PC Protection Plus --> "C:\Program Files\PC Protection Plus\FSGUI\PostInstall.exe" /tUnInstall Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" High Definition Audio Driver Package - KB888111 --> HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Korostuksen katselu (Windows Live Toolbar) --> MsiExec.exe /X{90E65178-09D9-44DB-9506-361FD59B731B} LimeWire 4.16.6 
--> "C:\Program Files\LimeWire\uninstall.exe" Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} Nokia PC Suite --> C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_fin_web.exe Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB910437) --> 
"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Realtek AC'97 Audio --> Alcrmv.exe -r -m Samsung Master --> C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly Samsung USB Driver --> "C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly Suojauspäivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899591) --> 
"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920685) --> 
"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB933729) --> 
"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe The Sims 2 - Kauppa auki --> C:\Program Files\EA GAMES\The Sims 2 - Kauppa auki\EAUninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F} Windows Live Messenger --> MsiExec.exe 
/X{A9174A72-1B46-445B-B3CF-90ED2C63D83B} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {3D24EE33-20D9-44A8-BFEE-5EEBC812E715} Windows Live Toolbar --> MsiExec.exe /X{3D24EE33-20D9-44A8-BFEE-5EEBC812E715} Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{E3D1082C-6A34-46BC-88AD-2775C8035FB5} Windows Live Writer --> MsiExec.exe /X{126DA380-B8CF-4536-936A-6AF6386C99BA} Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Liven valokuvavalikoima --> MsiExec.exe /X{A70186F8-F355-42A2-89B9-2C89B36E650E} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windowsin ohjainpaketti - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf Windowsin ohjainpaketti - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type821 / Error Event Submitted/Written: 04/22/2008 05:21:43 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 4 2008-04-22 17:21:43+03:00 rumbin-7ccf45a5 RUMBIN-7CCF45A5\Milla F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! 
Event Record #/Type820 / Error Event Submitted/Written: 04/22/2008 05:20:31 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 3 2008-04-22 17:20:31+03:00 rumbin-7ccf45a5 RUMBIN-7CCF45A5\Milla F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! Event Record #/Type819 / Error Event Submitted/Written: 04/22/2008 05:07:33 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 2 2008-04-22 17:07:33+03:00 rumbin-7ccf45a5 RUMBIN-7CCF45A5\Milla F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! Event Record #/Type818 / Error Event Submitted/Written: 04/22/2008 05:03:38 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 1 2008-04-22 17:03:38+03:00 rumbin-7ccf45a5 RUMBIN-7CCF45A5\Milla F-Secure Anti-Virus Manual scanning was finished - workstation was found infected! Event Record #/Type815 / Success Event Submitted/Written: 04/22/2008 05:03:00 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type3101 / Error Event Submitted/Written: 04/22/2008 05:01:42 PM Event ID/Source: 59 / SideBySide Event Description: Generate Activation Context epäonnistui. Syy: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL. Viitteen virhesanoma: Toiminto on suoritettu. . Event Record #/Type3100 / Error Event Submitted/Written: 04/22/2008 05:01:42 PM Event ID/Source: 59 / SideBySide Event Description: Resolve Partial Assembly epäonnistui. Syy: Microsoft.VC80.MFCLOC. Viitteen virhesanoma: Mainittua kokoonpanon osaa ei ole asennettu järjestelmään. . 
Event Record #/Type3099 / Error Event Submitted/Written: 04/22/2008 05:01:42 PM Event ID/Source: 32 / SideBySide Event Description: Riippuvaista kokoonpanoa Microsoft.VC80.MFCLOC ei löytynyt. Viimeinen virhe oli Mainittua kokoonpanon osaa ei ole asennettu järjestelmään. Event Record #/Type3068 / Error Event Submitted/Written: 04/22/2008 04:53:59 PM Event ID/Source: 10005 / DCOM Event Description: DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun EventSystem argumenteilla "" suorittaakseen palvelinosan: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type3067 / Error Event Submitted/Written: 04/22/2008 04:53:32 PM Event ID/Source: 7026 / Service Control Manager Event Description: Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL -- End of Deckard's System Scanner: finished at 2008-04-22 17:30:48 ------------
Panda ActiveScan
Link: http://www.pandasoftware.com/products/activescan.htm
• Once you are on Panda's page, click the Scan your PC button
• A new window opens; click the Check Now button
• Select your country (Country)
• Enter your city (State/Province)
• Enter your e-mail address (e-mail address) and click the send button
• Choose either home user (Home User) or company (Company)
• Click the large Scan Now button
• If you are asked about installing an ActiveX component, allow it.
• The required files start downloading (Note: this step can take a few minutes)
• When the downloads are complete, click Local Disks to start the scan
• When the scan is complete, click the See Report button if infections were found. Then click Save Report and save the report to a suitable location (e.g. the desktop).
;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-04-23 17:08:56 PROTECTIONS: 1 MALWARE: 92 SUSPECTS: 1 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== F-Secure PC Protection Plus 7.00 7.00 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CAFUKZJ7.txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia 
TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.casalemedia.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Application Data\Mozilla\Firefox\Profiles\1raji2jz.default\cookies.txt[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\b7hgs2tk.default\sessionstore.js[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Cookies\kirsi ja hannu@CA4GYQ0X.txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CAASC7D3.txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi\Cookies\kirsi@CAHC8ZKX.txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Milla\Application Data\Mozilla\Firefox\Profiles\307oeatb.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes 
No C:\Documents and Settings\Kirsi\Cookies\kirsi@CATAK59A.txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CAZ4D7XI.txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi\Application Data\Mozilla\Firefox\Profiles\eikptbby.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Cookies\kirsi ja hannu@CAX2TSO1.txt 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä\SDFix\apps\Process.exe 00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä\SDFix.exe[SDFix\apps\Process.exe] 00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe 00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{C0C917A3-FF38-44EC-8970-EF16E2CCE574}\RP47\A0006384.exe 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CA33POIF.txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\b7hgs2tk.default\sessionstore.js[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi\Cookies\kirsi@CARKFDKF.txt 00145393 Cookie/Tradedoubler 
TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Cookies\kirsi ja hannu@CAHEU1BV.txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\b7hgs2tk.default\sessionstore.js[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\b7hgs2tk.default\sessionstore.js[.tradedoubler.com/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CACDAD7R.txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Cookies\kirsi ja hannu@CA4NOL7P.txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia.RUMBIN-7CCF45A5\Application Data\Mozilla\Firefox\Profiles\e2nvy74z.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application 
Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.fastclick.net/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Milla\Application Data\Mozilla\Firefox\Profiles\307oeatb.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsi ja Hannu\Cookies\kirsi ja hannu@CAAXU1P4.txt 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.mysearch.com/] 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Cookies\miia@mysearch[2].txt 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Milla\Cookies\milla@mysearch[2].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CA5XS4JB.txt 00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CAEXYN4O.txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.anm.co.uk/] 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Milla\Cookies\milla@anm.co[1].txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Milla\Application Data\Mozilla\Firefox\Profiles\307oeatb.default\cookies.txt[.anm.co.uk/] 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Miia\Application Data\Mozilla\Firefox\Profiles\75givu9e.default\cookies.txt[.anm.co.uk/] 00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hannu\Cookies\hannu@CAW64KX0.txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and 
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Milla.RUMBIN-7CCF45A5\Työpöytä\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02763634 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65[VaannnaaBaa.class]
02763635 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65[Bnnnnn.class]
02763636 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Hannu\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-1eb28c65[BnnnnBaa.class]

SUSPECTS
Sent Location
No C:\PROGRAM FILES\PC PROTECTION PLUS\FSGUI\FSAVURES.ENG

VULNERABILITIES
Id Severity Description
170907 HIGH MS07-046
170904 HIGH MS07-043
133387 MEDIUM MS06-065
Download Atribune's ATF Cleaner.

Instructions:

Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.

If you use Firefox as your browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.

If you use Opera as your browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.

Click Exit in the main menu to close the program.

Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that this support is in English.)