uTorrent on = Avast! - CPU 60 - 99% (HJT)

Discussion in 'Viruses and malware - HijackThis logs' started by Tumppi_k, May 31, 2007.

  1. Tumppi_k

    What on earth is going on? At first it seems to work just fine, but then when the download speed improves, Avast's ashserv.exe pushes CPU usage high and the machine freezes completely until the CPU returns to normal, and after a while it jumps again.

    I wonder if this could be fixed without reinstalling the machine :p

    Here's the HJT log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:50:07, on 31.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\nvraidservice.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\System32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tuomas Karhu\Työpöytä\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINNT\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'Verkkopalve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe
    O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178481244437
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINNT\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINNT\System32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
    O23 - Service: Toimintojen hallinta (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8910 bytes

    Thanks
     
  2. Auttaja

    looks like it's the wout rootkit..

    =======

    Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
    or from here >
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is selected. You will need to restart the machine when told to.

    Open HijackThis, check this line

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190

    and press Fix checked

    ========


    Post a new HJT log and the contents of c:\fixwareout\report.txt
     
  3. Tumppi_k

    Ok! Fixwareout


    Fixwareout Last edited 5/15/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»»

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other
    C:\WINNT\Temp\kdpvq.ren 66363 14.09.2004

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "NVRaidService"="C:\\WINNT\\System32\\nvraidservice.exe"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINNT\\system32\\ctfmon.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»


    And the new HJT

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:05:32, on 31.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\nvraidservice.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\System32\wbem\unsecapp.exe
    C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tuomas Karhu\Työpöytä\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINNT\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'Verkkopalve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.exe
    O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178481244437
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINNT\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINNT\System32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
    O23 - Service: Toimintojen hallinta (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8754 bytes
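
Comparing the log taken before Fixwareout with the one taken after it is how a helper confirms what the fix actually changed. The following is an added example, not part of the original thread or of HijackThis: it diffs two logs entry by entry and lists the O17 NameServer addresses. The function names are hypothetical, and the two sample logs are short excerpts assembled from lines posted above.

```python
import re
from collections import Counter

# A HijackThis entry line looks like "O17 - <text>" or "R1 - <text>".
# Running-process lines (plain paths) and the header do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(log_text):
    """Return a Counter of (section code, entry text) pairs found in a log."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted((old - new).elements())
    added = sorted((new - old).elements())
    return removed, added


def o17_nameservers(log_text):
    """Return the DNS server addresses set by O17 NameServer entries.

    An analyst compares these with the resolvers the ISP or router
    is expected to hand out; anything else needs an explanation.
    """
    servers = []
    for code, text in parse_entries(log_text):
        if code == "O17":
            match = NAMESERVER_RE.search(text)
            if match:
                servers.extend(re.split(r"[ ,]+", match.group(1).strip()))
    return servers


# Sample input: excerpts assembled from the first and second logs in this thread.
BEFORE = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
"""

AFTER = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, text in removed:
        print("removed:", code, "-", text)
    for code, text in added:
        print("added:  ", code, "-", text)
    print("O17 name servers before:", o17_nameservers(BEFORE))
    print("O17 name servers after: ", o17_nameservers(AFTER))
```

Run over the two full logs in this thread, the same diff also surfaces the ProxyServer value that disappears together with the O17 line.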
     
  4. Auttaja


    Save these instructions to a text file, because otherwise you won't be able to read them in safe mode.

    OK, so remove that SweetIM (junk)

    ==========

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

    <<< R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    >>>>>

    Here are instructions on how to check the lines:
    [IMG]


    ==========

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    - Once you have downloaded the program, double-click the installer's icon on your desktop and the installation starts.
    - After installation the program must be started and its definitions updated.

    2. Start AVG Anti-Spyware.
    - Click the "Update" icon in the main menu. Then click the "Update now" button.
    - Then click the "Start Update" icon, and the update begins.
    - If the updates don't succeed right away, press "Start Update" again after a moment.
    - If the automatic update doesn't work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
    - Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    - When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    - Then, under the "Reports" menu:
    - Tick "Automatically generate report after every scan"
    - Untick "Only if threats were found"
    - Then click the "Shield" icon at the top of the window
    - "Resident shield is": change the state from active to inactive
    - Close the program, do NOT scan yet.

    Boot your computer into safe mode

    Delete the folder C:\Program Files\Macrogaming\SweetIMBarForIE

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    - Once in safe mode, start AVG Anti-Spyware.
    - Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    - AVG now starts scanning the computer; be patient, as the scan takes time.
    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    - Make sure that Set all elements to: shows Quarantine(1); if not, click the link and select Quarantine from the popup menu.
    - You will be asked what to do if infections were found; choose "Apply all actions" then
    [IMG]
    - Then click the "Reports" icon at the top of the program.
    - Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    - Close the program, start the machine normally and post the AVG report to your thread.

    ==========

    Do this if your computer feels on the slow side and you haven't defragmented in a long time:

    Open My Computer
    -> Do the following for all Local Disks
    [IMG]

    ==========

    Download CCleaner and install it:
    Open "Options", then "Language", and select "Suomi (Finnish)"

    Open the "Virheet" (Issues) section, press "Etsi rekisterin virheitä" (Scan for registry issues), then press "Korjaa valitut rekisterin virheet.." (Fix selected registry issues). Press "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up changes to the registry), and save the file to, for example, the desktop.

    Open "Puhdistaja" (Cleaner), press "Tutki" (Analyze) and after that "Aja Ccleaner" (Run CCleaner). Clean temporary files and folders with the program regularly.

    ==========

    If you don't have this Java version (6.1): an old Java easily gets your machine infected!

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs (Lisää tai poista sovellus) in Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following image next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the machine after the installation:

    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u1

    Press Download

    Tick Accept, take the offline installation, save it to, say, the desktop and install it.

    6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the machine being slow after lowering the setting, move the slider higher.)

    8. Make sure both options are checked:

    *Applications and Applets

    *Trace and Log Files



    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    A new HijackThis log, and are there any problems?
     
  5. Tumppi_k

    AVG report

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 0:14:02 1.6.2007

    + Scan result:



    D:\Pelit\GTA- San Andreas\GTA San Andreas\hlm-intro.exe -> Backdoor.Hupigon.kg : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tuomas Karhu\Cookies\tuomas_karhu@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\Bundesliga\Leverkusen\adidas_white.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic England\num-red.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic England\num-silver.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic England\pal-red.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic England\pal-silver.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Inter\inter_white2.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Messina\messina_black.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Messina\messina_white.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Milan\milan_gold.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Milan\milan_red.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\palermo_black.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\palermo_white.bmp -> Trojan.Lmir.aov : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\Ligue1\Le mans\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\Ligue1\Marseille\pa\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\Ligue1\saintetienne\pb\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Angola\ga\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic Argentina\pb\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Classic France\pa\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\National\Nigeria\pb\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Juventus\ga\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Lazio\gb\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\ga\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\pa\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\px3\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\px4\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Palermo\px5\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Sampdoria\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Sampdoria\pb\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Sampdoria\px4\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Siena\ga\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).
    G:\Pelien asennusohjelmat\Pro Evolution Soccer 5 + Superpatch 3.0\Superpatch 3.0\Step 4 - Kitserver\kitserver\GDB\uni\SerieA\Siena\px4\Thumbs.db -> Trojan.Susear.a : Cleaned with backup (quarantined).


    ::Report end


    New HJT log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 0:39:29, on 1.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\nvraidservice.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\System32\wbem\unsecapp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tuomas Karhu\Työpöytä\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINNT\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'Verkkopalve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178481244437
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINNT\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINNT\System32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
    O23 - Service: Toimintojen hallinta (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 9056 bytes

     
  6. Auttaja

    Auttaja Guest

    Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
    or from here >
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    and save it to your desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is checked. You will need to restart the computer when prompted.

    ========

    Put a check mark next to

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

    and press Fix checked

    =========


    Go to Control Panel -> Network Connections. Then right-click the connection icon -> Properties. Select TCP/IP and then Properties. Select "Obtain an IP address automatically" and click OK.

    Then Start -> Run
    Type cmd and click OK
    Type ipconfig /flushdns, press Enter, type exit
    and press Enter

    If that does not work, go to Start -> Accessories -> Command Prompt, type ipconfig /flushdns there and press Enter. Type exit and press Enter.

    ========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    Also post a new HIJACKTHIS LOG
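
A triage pass over the two kinds of HijackThis lines the post above asks to fix (a statically set NameServer under O17 and a BHO whose file is missing under O2), as an added Python example that is not part of the thread. The function name `triage`, the `expected_dns` parameter and the sample, a subset of lines copied from the log in this thread, are assumptions of this example.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log
# posted in this thread, indentation included.
SAMPLE_LOG = r"""
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D81694E-D279-4DDA-901F-14A294C2C82E}: NameServer = 85.255.114.21 85.255.112.190
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O17"
    subject: str  # registry key or CLSID the line refers to
    detail: str   # why the line deserves a human look


# "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# "O17 - <interface key>: NameServer = <one or more addresses>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def triage(log_text, expected_dns=()):
    """Return Findings for orphaned BHOs and unexpected static DNS servers.

    expected_dns (hypothetical parameter): resolvers the reviewer knows to be
    legitimate for this machine, e.g. the ones handed out by its router or ISP.
    """
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            # A BHO still registered in the registry although its file is gone.
            if m["target"].strip().lower() == "(no file)":
                findings.append(Finding(
                    "O2", m["clsid"],
                    f"BHO '{m['name']}' is registered but its file is missing"))
            continue

        m = O17_RE.match(line)
        if not m:
            continue
        # The value may separate several resolvers with spaces or commas.
        for token in filter(None, re.split(r"[,\s]+", m["servers"].strip())):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append(Finding(
                    "O17", m["key"], f"unparseable NameServer value {token!r}"))
                continue
            if addr in expected:
                continue
            scope = "private" if addr.is_private else "public"
            findings.append(Finding(
                "O17", m["key"],
                f"static {scope} resolver {addr} not in expected list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.subject}\n      {f.detail}")
```

A finding here means "review this line", not "this is malicious": a static resolver is normal on a machine whose owner set it, which is what `expected_dns` is for.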
     
  7. Tumppi_k

    Tumppi_k Member

    FIXWAREOUT

    Fixwareout Last edited 5/15/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»»

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "NVRaidService"="C:\\WINNT\\System32\\nvraidservice.exe"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINNT\\system32\\ctfmon.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»


    COMBOFIX

    "Tuomas Karhu" - 2007-06-01 12:09:54 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Tuomas Karhu\Työpöytä\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


    2007-06-01 01:21 <KANSIO> d-------- C:\Program Files\MSBuild
    2007-06-01 01:18 <KANSIO> d-------- C:\WINNT\system32\XPSViewer
    2007-06-01 01:18 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2007-06-01 01:17 14,048 --------- C:\WINNT\system32\spmsg2.dll
    2007-06-01 00:27 <KANSIO> d-------- C:\Program Files\CCleaner
    2007-05-31 23:18 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-05-31 21:26 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-05-31 21:26 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\uTorrent
    2007-05-31 20:40 <KANSIO> d-------- C:\Rustbfix
    2007-05-31 20:31 <KANSIO> d-------- C:\Program Files\Lavalys
    2007-05-31 18:41 <KANSIO> d-------- C:\Program Files\Lavasoft
    2007-05-31 18:41 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Lavasoft
    2007-05-31 18:25 95,872 --a------ C:\WINNT\system32\AvastSS.scr
    2007-05-31 18:25 94,552 --a------ C:\WINNT\system32\drivers\aswmon2.sys
    2007-05-31 18:25 85,952 --a------ C:\WINNT\system32\drivers\aswmon.sys
    2007-05-31 18:25 745,600 --a------ C:\WINNT\system32\aswBoot.exe
    2007-05-31 18:25 43,176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
    2007-05-31 18:25 26,888 --a------ C:\WINNT\system32\drivers\aavmker4.sys
    2007-05-31 18:25 23,416 --a------ C:\WINNT\system32\drivers\aswRdr.sys
    2007-05-31 17:46 520,192 --------- C:\WINNT\system32\ati2sgag.exe
    2007-05-31 17:45 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2007-05-30 16:52 9,133 --a------ C:\dnsbak.reg
    2007-05-27 20:18 442,368 -ra------ C:\WINNT\system32\vp6vfw.dll
    2007-05-26 20:40 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Media Player Classic
    2007-05-25 00:59 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\vlc
    2007-05-25 00:57 <KANSIO> d-------- C:\Program Files\VideoLAN
    2007-05-25 00:54 <KANSIO> d-------- C:\Program Files\SopCast
    2007-05-25 00:54 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\SopCast
    2007-05-25 00:40 <KANSIO> d-------- C:\Program Files\TVUPlayer
    2007-05-25 00:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-05-25 00:30 740,442 --a------ C:\WINNT\system32\divx.dll
    2007-05-25 00:30 73,728 --a------ C:\WINNT\system32\dpl100.dll
    2007-05-25 00:30 593,920 --a------ C:\WINNT\system32\xvidcore.dll
    2007-05-25 00:30 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll
    2007-05-25 00:30 217,088 --a------ C:\WINNT\system32\yv12vfw.dll
    2007-05-25 00:30 180,224 --a------ C:\WINNT\system32\xvidvfw.dll
    2007-05-25 00:30 10,752 --a------ C:\WINNT\system32\ff_vfw.dll
    2007-05-25 00:30 1,565,480 --a------ C:\WINNT\system32\wmv9vcm.dll
    2007-05-25 00:30 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
    2007-05-25 00:30 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Real
    2007-05-25 00:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    2007-05-23 21:39 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\TVU Networks
    2007-05-22 15:02 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\atitray
    2007-05-22 12:48 <KANSIO> d-------- C:\Program Files\MultiRes
    2007-05-22 12:47 451,072 --a------ C:\WINNT\Radeon Omega Drivers v3.8.252 Uninstall.exe
    2007-05-22 12:47 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2007-05-21 20:22 4,096 --a------ C:\WINNT\system32\drivers\nocashio.sys
    2007-05-17 18:09 <KANSIO> d-------- C:\Program Files\Macrogaming
    2007-05-16 21:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
    2007-05-16 21:42 27,255 --------- C:\WINNT\system32\drivers\NWWMUSB.sys
    2007-05-16 21:42 11,510 --------- C:\WINNT\system32\drivers\VMCUSB.sys
    2007-05-16 21:42 <KANSIO> d-------- C:\Program Files\Sony Corporation
    2007-05-16 21:41 90,112 --------- C:\WINNT\snymsico.dll
    2007-05-16 21:41 765,952 --a------ C:\WINNT\system32\CDDBUISony.dll
    2007-05-16 21:41 73,728 --a------ C:\WINNT\system32\CddbLinkSony.dll
    2007-05-16 21:41 598,016 --a------ C:\WINNT\system32\CDDBControlSony.dll
    2007-05-16 21:41 565,248 --a------ C:\WINNT\system32\CddbMusicIDSony.dll
    2007-05-16 21:41 38,951 --------- C:\WINNT\system32\drivers\NETMDUSB.sys
    2007-05-16 21:41 36,679 --------- C:\WINNT\system32\drivers\NETMD052.sys
    2007-05-16 21:41 36,232 --------- C:\WINNT\system32\drivers\NETMD033.sys
    2007-05-16 21:41 35,319 --------- C:\WINNT\system32\drivers\NETMD031.sys
    2007-05-16 21:41 20,640 --------- C:\WINNT\system32\drivers\PxHelp20.sys
    2007-05-16 21:41 151,552 --------- C:\WINNT\system32\pxwma.dll
    2007-05-16 21:41 109,568 --------- C:\WINNT\system32\pxinsi64.exe
    2007-05-16 21:41 108,544 --------- C:\WINNT\system32\pxcpyi64.exe
    2007-05-16 21:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    2007-05-16 21:39 <KANSIO> d-------- C:\Program Files\Sony
    2007-05-16 21:39 <KANSIO> d-------- C:\Program Files\Common Files\Sony Shared
    2007-05-16 21:39 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Sony Corporation
    2007-05-15 18:00 <KANSIO> d-------- C:\WINNT\Formula 1
    2007-05-15 18:00 <KANSIO> d-------- C:\Program Files\Formula 1 2007
    2007-05-15 12:44 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-05-14 13:06 <KANSIO> d-------- C:\Program Files\PowerISO
    2007-05-13 22:14 53,248 --a------ C:\WINNT\system32\Process.exe
    2007-05-13 22:14 51,200 --a------ C:\WINNT\system32\dumphive.exe
    2007-05-13 22:14 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
    2007-05-13 22:14 1,060 --a------ C:\WINNT\system32\tmp.reg
    2007-05-13 20:15 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-13 18:58 <KANSIO> d-------- C:\Downloads
    2007-05-13 18:58 <KANSIO> d-------- C:\Bases
    2007-05-13 18:57 <KANSIO> d-------- C:\Kaspersky
    2007-05-13 17:49 <KANSIO> d-------- C:\Documents and Settings\TUOMAS~1\WINDOWS
    2007-05-13 17:49 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\WINDOWS
    2007-05-13 16:56 <KANSIO> d-------- C:\Program Files\MeMediaSetup
    2007-05-12 14:52 <KANSIO> d-------- C:\Program Files\Ares
    2007-05-07 17:43 5,504 --a------ C:\WINNT\system32\drivers\MSTEE.sys
    2007-05-07 17:43 19,328 --a------ C:\WINNT\system32\drivers\WSTCODEC.SYS
    2007-05-07 17:43 15,360 --a------ C:\WINNT\system32\drivers\StreamIP.sys
    2007-05-07 17:43 11,136 --a------ C:\WINNT\system32\drivers\SLIP.sys
    2007-05-07 17:43 10,880 --a------ C:\WINNT\system32\drivers\NdisIP.sys
    2007-05-07 17:42 86,016 --a------ C:\WINNT\CtDrvIns.exe
    2007-05-07 17:42 85,376 --a------ C:\WINNT\system32\drivers\NABTSFEC.sys
    2007-05-07 17:42 53,760 --a------ C:\WINNT\system32\vfwwdm32.dll
    2007-05-07 17:42 49,152 --a------ C:\WINNT\system32\V0090Hwx.dll
    2007-05-07 17:42 36,864 --a------ C:\WINNT\system32\V0090Pin.dll
    2007-05-07 17:42 36,864 --a------ C:\WINNT\system32\CtRegApp.dll
    2007-05-07 17:42 36,864 --a------ C:\WINNT\system32\CtCamMgr.dll
    2007-05-07 17:42 20,480 --a------ C:\WINNT\V0090Cfg.exe
    2007-05-07 17:42 20,480 --a------ C:\WINNT\system32\V0090Srv.exe
    2007-05-07 17:42 17,024 --a------ C:\WINNT\system32\drivers\CCDECODE.sys
    2007-05-07 17:42 138,112 --a------ C:\WINNT\system32\drivers\V0090Vid.sys
    2007-05-07 17:42 126,976 --a------ C:\WINNT\system32\V0090Vfw.dll
    2007-05-07 17:42 10,240 --a------ C:\WINNT\system32\V0090Sti.dll
    2007-05-07 17:42 <KANSIO> d-------- C:\WebCam
    2007-05-07 15:02 548 --a------ C:\WINNT\eReg.dat
    2007-05-07 11:58 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\WinRAR
    2007-05-07 11:39 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
    2007-05-07 11:29 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2007-05-07 10:08 <KANSIO> d--hs---- C:\RECYCLER
    2007-05-07 01:17 82,380 --a------ C:\WINNT\system32\drivers\AFS2K.SYS
    2007-05-07 01:17 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Hewlett-Packard
    2007-05-07 01:16 94,208 -ra------ C:\WINNT\system32\HPZipt12.dll
    2007-05-07 01:16 65,795 -ra------ C:\WINNT\system32\HPZipm12.exe
    2007-05-07 01:16 61,699 -ra------ C:\WINNT\system32\HPZinw12.exe
    2007-05-07 01:16 57,344 -ra------ C:\WINNT\system32\HPZisn12.dll
    2007-05-07 01:16 51,024 -ra------ C:\WINNT\system32\drivers\hpzid412.sys
    2007-05-07 01:16 233,528 -ra------ C:\WINNT\system32\HPZidr12.dll
    2007-05-07 01:16 167,936 -ra------ C:\WINNT\system32\HPZipr12.dll
    2007-05-07 01:16 16,080 -ra------ C:\WINNT\system32\drivers\HPZipr12.sys
    2007-05-07 01:15 60,416 --a------ C:\WINNT\ALCFDRTM.EXE
    2007-05-07 01:15 31,616 --a------ C:\WINNT\system32\drivers\usbccgp.sys
    2007-05-07 01:15 25,856 --a------ C:\WINNT\system32\drivers\usbprint.sys
    2007-05-07 01:15 21,456 -ra------ C:\WINNT\system32\drivers\HPZius12.sys
    2007-05-07 01:15 15,104 --a------ C:\WINNT\system32\drivers\usbscan.sys
    2007-05-07 01:15 <KANSIO> d-------- C:\WINNT\system32\Lang
    2007-05-07 01:14 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-05-07 01:13 20,458 --a------ C:\WINNT\hpoins01.dat
    2007-05-07 01:13 16,622 --------- C:\WINNT\hpomdl01.dat
    2007-05-07 01:13 <KANSIO> d-------- C:\Program Files\Hewlett-Packard
    2007-05-07 01:05 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Ahead
    2007-05-07 01:03 <KANSIO> d-------- C:\Program Files\Nero
    2007-05-07 01:03 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2007-05-07 00:54 <KANSIO> d-------- C:\Documents and Settings\TUOMAS~1\Contacts
    2007-05-07 00:54 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\Contacts
    2007-05-07 00:44 <KANSIO> d-------- C:\WINNT\Downloaded Installations
    2007-05-07 00:43 <KANSIO> d--h----- C:\WINNT\msdownld.tmp
    2007-05-07 00:43 <KANSIO> d-------- C:\WINNT\system32\windows media
    2007-05-07 00:43 <KANSIO> d-------- C:\WINNT\RegisteredPackages
    2007-05-07 00:43 <KANSIO> d-------- C:\Program Files\Windows Media Components
    2007-05-07 00:43 <KANSIO> d-------- C:\Program Files\msaccrt
    2007-05-07 00:21 <KANSIO> d-------- C:\WINNT\system32\appmgmt
    2007-05-07 00:09 <KANSIO> d-------- C:\Program Files\RevConnect
    2007-05-07 00:00 <KANSIO> d----c--- C:\WINNT\system32\DRVSTORE
    2007-05-07 00:00 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2007-05-06 23:59 <KANSIO> d-------- C:\Program Files\Webteh
    2007-05-06 23:54 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2007-05-06 23:52 <KANSIO> d-------- C:\WINNT\system32\LogFiles
    2007-05-06 23:52 <KANSIO> d-------- C:\WINNT\system32\drivers\UMDF
    2007-05-06 23:47 <KANSIO> d-------- C:\WINNT\pss
    2007-05-06 23:40 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\ATI
    2007-05-06 23:35 <KANSIO> d-------- C:\WINNT\system32\fi-fi
    2007-05-06 23:34 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
    2007-05-06 23:34 <KANSIO> d-------- C:\WINNT\network diagnostic
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\WinSxS
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\usmt
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\oobe
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\IME
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\icsxml
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\3com_dmi
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\3076
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\2052
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1054
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1042
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1041
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1037
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1035
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1033
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1031
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1028
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\system32\1025
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\Resources
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\mui
    2007-05-06 23:23 <KANSIO> d-------- C:\WINNT\ime
    2007-05-06 23:20 6,550 --a------ C:\WINNT\jautoexp.dat
    2007-05-06 23:20 46,352 --a------ C:\WINNT\setdebug.exe
    2007-05-06 23:20 139,536 --a------ C:\WINNT\system32\javaee.dll
    2007-05-06 23:20 113 --a------ C:\WINNT\system32\zonedon.reg
    2007-05-06 23:20 113 --a------ C:\WINNT\system32\zonedoff.reg
    2007-05-06 23:00 <KANSIO> drahsc--- C:\WINNT\system32\dllcache
    2007-05-06 23:00 <KANSIO> dr--s---- C:\WINNT\Fonts
    2007-05-06 23:00 <KANSIO> dr------- C:\WINNT\Web
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\twain_32
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\wins
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\wbem
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\spool
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\ShellExt
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\ras
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\npp
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\mui
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\ias
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\export
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\drivers\etc
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\drivers\disdn
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\drivers
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\dhcp
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32\config
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system32
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\system
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\security
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\repair
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\msagent
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Media
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Help
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Driver Cache
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Debug
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Cursors
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Connection Wizard
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\Config
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\AppPatch
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT\addins
    2007-05-06 23:00 <KANSIO> d-a------ C:\WINNT
    2007-05-06 23:00 <KANSIO> d--h----- C:\WINNT\inf
    2007-05-06 23:00 <KANSIO> d-------- C:\WINNT\system32\Setup
    2007-05-06 22:56 <KANSIO> d--h----- C:\WINNT\$hf_mig$
    2007-05-06 22:56 <KANSIO> d-------- C:\WINNT\system32\PreInstall
    2007-05-06 22:54 43,352 --a------ C:\WINNT\system32\wups2.dll
    2007-05-06 22:54 <KANSIO> d-------- C:\WINNT\system32\SoftwareDistribution
    2007-05-06 22:53 <KANSIO> d--hs---- C:\Documents and Settings\TUOMAS~1\UserData
    2007-05-06 22:53 <KANSIO> d--hs---- C:\DOCUME~1\TUOMAS~1\UserData
    2007-05-06 22:51 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\Käynnistä-valikko
    2007-05-06 22:49 <KANSIO> d-------- C:\WINNT\SoftwareDistribution
    2007-05-06 22:49 <KANSIO> d-------- C:\WINNT\Prefetch
    2007-05-06 22:44 95,424 --------- C:\WINNT\system32\drivers\slnthal.sys
    2007-05-06 22:44 9,728 --------- C:\WINNT\system32\comsdupd.exe
    2007-05-06 22:44 870,784 --a------ C:\WINNT\system32\ati3d1ag.dll
    2007-05-06 22:44 8,192 --------- C:\WINNT\system32\bitsprx2.dll
    2007-05-06 22:44 78,464 --------- C:\WINNT\system32\drivers\usbvideo.sys
    2007-05-06 22:44 78,336 --a------ C:\WINNT\system32\ieencode.dll
    2007-05-06 22:44 73,216 --------- C:\WINNT\system32\drivers\atintuxx.sys
    2007-05-06 22:44 71,680 --------- C:\WINNT\system32\blastcln.exe
    2007-05-06 22:44 7,168 --------- C:\WINNT\system32\hccoin.dll
    2007-05-06 22:44 7,168 --------- C:\WINNT\system32\bitsprx3.dll
    2007-05-06 22:44 685,056 --------- C:\WINNT\system32\drivers\hsfcxts2.sys
    2007-05-06 22:44 67,584 --------- C:\WINNT\system32\drivers\sdbus.sys
    2007-05-06 22:44 63,663 --------- C:\WINNT\system32\drivers\ati1rvxx.sys
    2007-05-06 22:44 63,488 --------- C:\WINNT\system32\drivers\atinxsxx.sys
    2007-05-06 22:44 60,416 --------- C:\WINNT\system32\fwcfg.dll
    2007-05-06 22:44 6,016 --------- C:\WINNT\system32\drivers\smbali.sys
    2007-05-06 22:44 59,648 --------- C:\WINNT\system32\drivers\rfcomm.sys
    2007-05-06 22:44 57,856 --------- C:\WINNT\system32\drivers\atinbtxx.sys
    2007-05-06 22:44 56,623 --------- C:\WINNT\system32\drivers\ati1btxx.sys
    2007-05-06 22:44 52,224 --------- C:\WINNT\system32\drivers\atinraxx.sys
    2007-05-06 22:44 50,688 --------- C:\WINNT\system32\btpanui.dll
    2007-05-06 22:44 46,464 --------- C:\WINNT\system32\drivers\gagp30kx.sys
    2007-05-06 22:44 452,736 --------- C:\WINNT\system32\drivers\mtxparhm.sys
    2007-05-06 22:44 44,928 --------- C:\WINNT\system32\drivers\agpcpq.sys
    2007-05-06 22:44 44,672 --------- C:\WINNT\system32\drivers\uagp35.sys
    2007-05-06 22:44 43,008 --------- C:\WINNT\system32\drivers\amdagp.sys
    2007-05-06 22:44 42,752 --------- C:\WINNT\system32\drivers\alim1541.sys
    2007-05-06 22:44 42,368 --------- C:\WINNT\system32\drivers\agp440.sys
    2007-05-06 22:44 42,240 --------- C:\WINNT\system32\drivers\viaagp.sys
    2007-05-06 22:44 41,344 --------- C:\WINNT\system32\drivers\amdk7.sys
    2007-05-06 22:44 41,088 --------- C:\WINNT\system32\drivers\sisagp.sys
    2007-05-06 22:44 404,990 --------- C:\WINNT\system32\drivers\slntamr.sys
    2007-05-06 22:44 40,832 --------- C:\WINNT\system32\drivers\irbus.sys
    2007-05-06 22:44 40,064 --------- C:\WINNT\system32\drivers\intelppm.sys
    2007-05-06 22:44 4,255 --------- C:\WINNT\system32\drivers\adv01nt5.dll
    2007-05-06 22:44 4,096 --------- C:\WINNT\system32\dsprpres.dll
    2007-05-06 22:44 38,016 --------- C:\WINNT\system32\drivers\bthmodem.sys
    2007-05-06 22:44 377,984 --a------ C:\WINNT\system32\ati2dvaa.dll
    2007-05-06 22:44 36,463 --------- C:\WINNT\system32\drivers\ati1tuxx.sys
    2007-05-06 22:44 35,456 --------- C:\WINNT\system32\drivers\bthprint.sys
    2007-05-06 22:44 34,735 --------- C:\WINNT\system32\drivers\ati1xsxx.sys
    2007-05-06 22:44 326,912 --------- C:\WINNT\system32\drivers\ati2mtaa.sys
    2007-05-06 22:44 32,768 --a------ C:\WINNT\system32\ativtmxx.dll
    2007-05-06 22:44 32,768 --------- C:\WINNT\system32\asr_pfu.exe
    2007-05-06 22:44 32,285 --------- C:\WINNT\system32\hsfcisp2.dll
    2007-05-06 22:44 31,744 --------- C:\WINNT\system32\drivers\atinxbxx.sys
    2007-05-06 22:44 30,671 --------- C:\WINNT\system32\drivers\ati1raxx.sys
    2007-05-06 22:44 30,208 --------- C:\WINNT\system32\bthserv.dll
    2007-05-06 22:44 30,080 --------- C:\WINNT\system32\drivers\rndismpx.sys
    2007-05-06 22:44 3,967 --------- C:\WINNT\system32\drivers\adv02nt5.dll
    2007-05-06 22:44 3,901 --------- C:\WINNT\system32\drivers\siint5.dll
    2007-05-06 22:44 3,775 --------- C:\WINNT\system32\drivers\adv11nt5.dll
    2007-05-06 22:44 3,711 --------- C:\WINNT\system32\drivers\adv09nt5.dll
    2007-05-06 22:44 3,647 --------- C:\WINNT\system32\drivers\adv07nt5.dll
    2007-05-06 22:44 3,615 --------- C:\WINNT\system32\drivers\adv05nt5.dll
    2007-05-06 22:44 3,135 --------- C:\WINNT\system32\drivers\adv08nt5.dll
    2007-05-06 22:44 29,455 --------- C:\WINNT\system32\drivers\ati1xbxx.sys
    2007-05-06 22:44 29,056 --------- C:\WINNT\system32\drivers\ip6fw.sys
    2007-05-06 22:44 28,672 --------- C:\WINNT\system32\drivers\atinsnxx.sys
    2007-05-06 22:44 274,304 --------- C:\WINNT\system32\drivers\bthport.sys
    2007-05-06 22:44 262,784 --------- C:\WINNT\system32\drivers\http.sys
    2007-05-06 22:44 26,624 --------- C:\WINNT\system32\drivers\usbehci.sys
    2007-05-06 22:44 26,367 --------- C:\WINNT\system32\drivers\ati1snxx.sys
    2007-05-06 22:44 25,728 --------- C:\WINNT\system32\drivers\hidbth.sys
    2007-05-06 22:44 25,471 --------- C:\WINNT\system32\drivers\watv10nt.sys
    2007-05-06 22:44 25,471 --------- C:\WINNT\system32\drivers\atv04nt5.dll
    2007-05-06 22:44 24,576 --------- C:\WINNT\system32\httpapi.dll
    2007-05-06 22:44 23,040 --a------ C:\WINNT\system32\fltmc.exe
    2007-05-06 22:44 220,032 --------- C:\WINNT\system32\drivers\hsfbs2s2.sys
    2007-05-06 22:44 22,271 --------- C:\WINNT\system32\drivers\watv06nt.sys
    2007-05-06 22:44 21,343 --------- C:\WINNT\system32\drivers\ati1ttxx.sys
    2007-05-06 22:44 21,183 --------- C:\WINNT\system32\drivers\atv01nt5.dll
    2007-05-06 22:44 20,992 --------- C:\WINNT\system32\bthci.dll
    2007-05-06 22:44 20,480 --------- C:\WINNT\system32\encapi.dll
    2007-05-06 22:44 2,113,536 --------- C:\WINNT\system32\dxdiagn.dll
    2007-05-06 22:44 193,024 --------- C:\WINNT\system32\fsquirt.exe
    2007-05-06 22:44 186,368 --------- C:\WINNT\system32\encdec.dll
    2007-05-06 22:44 180,360 --------- C:\WINNT\system32\drivers\ntmtlfax.sys
    2007-05-06 22:44 18,944 --------- C:\WINNT\system32\drivers\bthusb.sys
    2007-05-06 22:44 17,279 --------- C:\WINNT\system32\drivers\atv10nt5.dll
    2007-05-06 22:44 17,024 --------- C:\WINNT\system32\drivers\bthenum.sys
    2007-05-06 22:44 166,912 --------- C:\WINNT\system32\drivers\s3gnbm.sys
    2007-05-06 22:44 16,896 --a------ C:\WINNT\system32\fltlib.dll
    2007-05-06 22:44 15,488 --------- C:\WINNT\system32\drivers\mssmbios.sys
    2007-05-06 22:44 15,423 --------- C:\WINNT\system32\drivers\ch7xxnt5.dll
    2007-05-06 22:44 15,104 --------- C:\WINNT\system32\drivers\hidir.sys
    2007-05-06 22:44 14,336 --------- C:\WINNT\system32\drivers\atinpdxx.sys
    2007-05-06 22:44 14,336 --------- C:\WINNT\system32\auditusr.exe
    2007-05-06 22:44 14,143 --------- C:\WINNT\system32\drivers\atv06nt5.dll
    2007-05-06 22:44 13,824 --------- C:\WINNT\system32\drivers\atinttxx.sys
    2007-05-06 22:44 13,824 --------- C:\WINNT\system32\drivers\atinmdxx.sys
    2007-05-06 22:44 13,824 --------- C:\WINNT\system32\cmsetacl.dll
    2007-05-06 22:44 13,776 --------- C:\WINNT\system32\drivers\recagent.sys
    2007-05-06 22:44 13,568 --------- C:\WINNT\system32\drivers\wacompen.sys
    2007-05-06 22:44 13,240 --------- C:\WINNT\system32\drivers\slwdmsup.sys
    2007-05-06 22:44 129,535 --------- C:\WINNT\system32\drivers\slnt7554.sys
    2007-05-06 22:44 128,896 --------- C:\WINNT\system32\drivers\fltmgr.sys
    2007-05-06 22:44 126,686 --------- C:\WINNT\system32\drivers\mtlmnt5.sys
    2007-05-06 22:44 12,800 --------- C:\WINNT\system32\spiisupd.exe
    2007-05-06 22:44 12,672 --------- C:\WINNT\system32\drivers\usb8023x.sys
    2007-05-06 22:44 12,672 --------- C:\WINNT\system32\drivers\mutohpen.sys
    2007-05-06 22:44 12,416 --------- C:\WINNT\system32\drivers\tunmp.sys
    2007-05-06 22:44 12,047 --------- C:\WINNT\system32\drivers\ati1pdxx.sys
    2007-05-06 22:44 11,935 --------- C:\WINNT\system32\drivers\wadv11nt.sys
    2007-05-06 22:44 11,871 --------- C:\WINNT\system32\drivers\wadv09nt.sys
    2007-05-06 22:44 11,868 --------- C:\WINNT\system32\drivers\mdmxsdk.sys
    2007-05-06 22:44 11,807 --------- C:\WINNT\system32\drivers\wadv07nt.sys
    2007-05-06 22:44 11,615 --------- C:\WINNT\system32\drivers\ati1mdxx.sys
    2007-05-06 22:44 11,359 --------- C:\WINNT\system32\drivers\atv02nt5.dll
    2007-05-06 22:44 11,325 --------- C:\WINNT\system32\drivers\vchnt5.dll
    2007-05-06 22:44 11,295 --------- C:\WINNT\system32\drivers\wadv08nt.sys
    2007-05-06 22:44 11,136 --------- C:\WINNT\system32\drivers\sffdisk.sys
    2007-05-06 22:44 104,960 --------- C:\WINNT\system32\drivers\atinrvxx.sys
    2007-05-06 22:44 100,992 --------- C:\WINNT\system32\drivers\bthpan.sys
    2007-05-06 22:44 10,240 --------- C:\WINNT\system32\drivers\sffp_sd.sys
    2007-05-06 22:44 1,897,408 --------- C:\WINNT\system32\drivers\nv4_mini.sys
    2007-05-06 22:44 1,689,088 --------- C:\WINNT\system32\d3d9.dll
    2007-05-06 22:44 1,309,184 --------- C:\WINNT\system32\drivers\mtlstrm.sys
    2007-05-06 22:44 1,041,536 --------- C:\WINNT\system32\drivers\hsfdpsp2.sys
    2007-05-06 22:43 937,984 --------- C:\WINNT\system32\winbrand.dll
    2007-05-06 22:43 88,064 --------- C:\WINNT\system32\p2pnetsh.dll
    2007-05-06 22:43 86,016 --------- C:\WINNT\system32\p2pgasvc.dll
    2007-05-06 22:43 86,016 --------- C:\WINNT\system32\mdmxsdk.dll
    2007-05-06 22:43 81,408 --------- C:\WINNT\system32\wscsvc.dll
    2007-05-06 22:43 8,192 --------- C:\WINNT\system32\smbinst.exe
    2007-05-06 22:43 75,776 --------- C:\WINNT\system32\strmfilt.dll
    2007-05-06 22:43 73,832 --------- C:\WINNT\system32\slcoinst.dll
    2007-05-06 22:43 73,796 --------- C:\WINNT\system32\slserv.exe
    2007-05-06 22:43 7,680 --------- C:\WINNT\system32\kbdsmsno.dll
    2007-05-06 22:43 7,680 --------- C:\WINNT\system32\kbdsmsfi.dll
    2007-05-06 22:43 7,168 --------- C:\WINNT\system32\kbdukx.dll
    2007-05-06 22:43 7,168 --------- C:\WINNT\system32\kbdno1.dll
    2007-05-06 22:43 7,168 --------- C:\WINNT\system32\kbdfi1.dll
    2007-05-06 22:43 603,648 --------- C:\WINNT\system32\WMSPDMOD.dll
    2007-05-06 22:43 6,656 --------- C:\WINNT\system32\kbdinmal.dll
    2007-05-06 22:43 6,656 --------- C:\WINNT\system32\kbdinben.dll
    2007-05-06 22:43 6,144 --------- C:\WINNT\system32\kbdmlt48.dll
    2007-05-06 22:43 6,144 --------- C:\WINNT\system32\kbdmlt47.dll
    2007-05-06 22:43 6,144 --------- C:\WINNT\system32\kbdinbe1.dll
    2007-05-06 22:43 549,720 --a------ C:\WINNT\system32\wuapi.dll
    2007-05-06 22:43 526,848 --------- C:\WINNT\system32\p2psvc.dll
    2007-05-06 22:43 50,176 --------- C:\WINNT\system32\xmlprovi.dll
    2007-05-06 22:43 5,632 --------- C:\WINNT\system32\kbdmaori.dll
    2007-05-06 22:43 49,152 --------- C:\WINNT\system32\powercfg.exe
    2007-05-06 22:43 48,640 --------- C:\WINNT\system32\pnrpnsp.dll
    2007-05-06 22:43 440,832 --------- C:\WINNT\system32\xpob2res.dll
    2007-05-06 22:43 44,032 --------- C:\WINNT\system32\twext.dll
    2007-05-06 22:43 4,274,816 --------- C:\WINNT\system32\nv4_disp.dll
    2007-05-06 22:43 4,096 --------- C:\WINNT\system32\wmvdmoe2.dll
    2007-05-06 22:43 4,096 --------- C:\WINNT\system32\wmsdmoe2.dll
    2007-05-06 22:43 4,096 --------- C:\WINNT\system32\MP4SDMOD.dll
    2007-05-06 22:43 4,096 --------- C:\WINNT\system32\MP43DMOD.dll
    2007-05-06 22:43 397,056 --------- C:\WINNT\system32\s3gnb.dll
    2007-05-06 22:43 351,232 --------- C:\WINNT\system32\winhttp.dll
    2007-05-06 22:43 33,624 --a------ C:\WINNT\system32\wups.dll
    2007-05-06 22:43 325,976 --a------ C:\WINNT\system32\wucltui.dll
    2007-05-06 22:43 32,866 --------- C:\WINNT\system32\slrundll.exe
    2007-05-06 22:43 32,866 --------- C:\WINNT\slrundll.exe
    2007-05-06 22:43 314,880 --------- C:\WINNT\system32\wmpdxm.dll
    2007-05-06 22:43 312,320 --------- C:\WINNT\system32\p2pgraph.dll
    2007-05-06 22:43 29,184 --------- C:\WINNT\system32\sdhcinst.dll
    2007-05-06 22:43 286,792 --------- C:\WINNT\system32\slextspk.dll
    2007-05-06 22:43 270,848 --------- C:\WINNT\system32\sbe.dll
    2007-05-06 22:43 27,136 --------- C:\WINNT\system32\mspmsnsv.dll
    2007-05-06 22:43 242,688 --------- C:\WINNT\system32\wmpasf.dll
    2007-05-06 22:43 229,376 --------- C:\WINNT\system32\wmerror.dll
    2007-05-06 22:43 203,096 --a------ C:\WINNT\system32\wuweb.dll
    2007-05-06 22:43 2,921,984 --------- C:\WINNT\system32\xpsp2res.dll
    2007-05-06 22:43 194,840 --a------ C:\WINNT\system32\wuaueng1.dll
    2007-05-06 22:43 188,508 --------- C:\WINNT\system32\slgen.dll
    2007-05-06 22:43 186,368 --------- C:\WINNT\system32\xpsp1res.dll
    2007-05-06 22:43 173,848 --a------ C:\WINNT\system32\wuauclt1.exe
    2007-05-06 22:43 17,408 --------- C:\WINNT\system32\winshfhc.dll
    2007-05-06 22:43 159,232 --------- C:\WINNT\system32\sbeio.dll
    2007-05-06 22:43 157,184 --------- C:\WINNT\system32\wmidx.dll
    2007-05-06 22:43 15,872 --------- C:\WINNT\system32\w3ssl.dll
    2007-05-06 22:43 134,656 --------- C:\WINNT\system32\mssap.dll
    2007-05-06 22:43 13,824 --------- C:\WINNT\system32\wscntfy.exe
    2007-05-06 22:43 129,536 --------- C:\WINNT\system32\xmlprov.dll
    2007-05-06 22:43 118,784 --------- C:\WINNT\system32\msdadiag.dll
    2007-05-06 22:43 116,224 --------- C:\WINNT\system32\p2p.dll
    2007-05-06 22:43 108,032 --------- C:\WINNT\system32\wshbth.dll
    2007-05-06 22:43 1,737,856 --------- C:\WINNT\system32\mtxparhd.dll
    2007-05-06 22:43 1,329,152 --------- C:\WINNT\system32\WMSPDMOE.dll
    2007-05-06 22:43 <KANSIO> d-------- C:\WINNT\provisioning
    2007-05-06 22:43 <KANSIO> d-------- C:\WINNT\peernet
    2007-05-06 22:42 <KANSIO> d-------- C:\WINNT\ServicePackFiles
    2007-05-06 22:39 23,856 --a------ C:\WINNT\system32\spupdsvc.exe
    2007-05-06 22:38 <KANSIO> d-------- C:\WINNT\EHome
    2007-05-06 22:26 <KANSIO> d--h-c--- C:\WINNT\$MSI30UninstallMSI30-KB884016$
    2007-05-06 21:49 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\Help
    2007-05-06 21:46 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-05-06 21:39 75,512 --a------ C:\WINNT\zllsputility.exe
    2007-05-06 21:39 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
    2007-05-06 21:39 11,264 --a------ C:\WINNT\system32\SpOrder.dll
    2007-05-06 21:39 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
    2007-05-06 21:39 <KANSIO> d-------- C:\WINNT\system32\ZoneLabs
    2007-05-06 21:38 499,712 --a------ C:\WINNT\system32\MSVCP71.dll
    2007-05-06 21:38 348,160 --a------ C:\WINNT\system32\MSVCR71.dll
    2007-05-06 21:38 1,060,864 --a------ C:\WINNT\system32\MFC71.dll
    2007-05-06 21:38 <KANSIO> d-------- C:\WINNT\Internet Logs
    2007-05-06 21:38 <KANSIO> d-------- C:\Program Files\Alwil Software
    2007-05-06 21:36 306,688 --a------ C:\WINNT\IsUninst.exe
    2007-05-06 21:36 <KANSIO> d-------- C:\WINNT\Profiles
    2007-05-06 21:36 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\APPLIC~1\InterTrust
    2007-05-06 21:32 <KANSIO> d-------- C:\ATI
    2007-05-06 21:11 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
    2007-05-06 21:11 62,224 --a------ C:\WINNT\system32\oiui400.dll
    2007-05-06 21:11 61,712 --a------ C:\WINNT\system32\imgcmn.dll
    2007-05-06 21:11 444,176 --a------ C:\WINNT\system32\oieng400.dll
    2007-05-06 21:11 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
    2007-05-06 21:11 337,680 --a------ C:\WINNT\system32\cdplayer.exe
    2007-05-06 21:11 33,552 --a------ C:\WINNT\system32\tifflt.dll
    2007-05-06 21:11 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
    2007-05-06 21:11 25,872 --a------ C:\WINNT\system32\oitwa400.dll
    2007-05-06 21:11 21,776 --a------ C:\WINNT\system32\oislb400.dll
    2007-05-06 21:11 144,656 --a------ C:\WINNT\system32\msdtcui.dll
    2007-05-06 21:11 13,584 --a------ C:\WINNT\system32\imgshl.dll
    2007-05-06 21:11 13,072 --a------ C:\WINNT\system32\oissq400.dll
    2007-05-06 21:11 13,072 --a------ C:\WINNT\system32\oiprt400.dll
    2007-05-06 21:11 <KANSIO> d-------- C:\WINNT\system32\Com
    2007-05-06 21:11 <KANSIO> d-------- C:\Program Files\Windows NT
    2007-05-06 21:11 <KANSIO> d-------- C:\Program Files\Accessories
    2007-05-06 21:03 69,856 --a------ C:\WINNT\system\AVICAP.DLL
    2007-05-06 21:03 5,392 --a------ C:\WINNT\delttsul.exe
    2007-05-06 21:03 <KANSIO> dra------ C:\Program Files
    2007-05-06 21:03 <KANSIO> dra------ C:\DOCUME~1\ALLUSE~1\Tiedostot
    2007-05-06 21:03 <KANSIO> dr------- C:\DOCUME~1\DEFAUL~1\Käynnistä-valikko
    2007-05-06 21:03 <KANSIO> dr------- C:\DOCUME~1\ALLUSE~1\Käynnistä-valikko
    2007-05-06 21:03 <KANSIO> d-a------ C:\WINNT\system32\CatRoot
    2007-05-06 21:03 <KANSIO> d-a------ C:\WINNT\Speech
    2007-05-06 21:03 <KANSIO> d-a------ C:\Program Files\Common Files\ODBC
    2007-05-06 21:03 <KANSIO> d-a------ C:\Documents and Settings
    2007-05-06 21:03 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Verkkoympäristö
    2007-05-06 21:03 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Mallit
    2007-05-06 21:03 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Kirjoitinympäristö
    2007-05-06 21:03 <KANSIO> d--h----- C:\DOCUME~1\ALLUSE~1\Mallit
    2007-05-06 21:03 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Työpöytä
    2007-05-06 21:03 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Suosikit
    2007-05-06 21:03 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Omat tiedostot
    2007-05-06 21:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Työpöytä
    2007-05-06 21:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Suosikit
    2007-05-06 20:58 83,968 -ra------ C:\WINNT\system32\nvraidservice.exe
    2007-05-06 20:58 8,192 -ra------ C:\WINNT\system32\bdco1.dll
    2007-05-06 20:58 79,360 -ra------ C:\WINNT\system32\drivers\nvatabus.sys
    2007-05-06 20:58 74,240 -ra------ C:\WINNT\system32\NvRaidWizardEnu.dll
    2007-05-06 20:58 68,224 -ra------ C:\WINNT\system32\drivers\nvraid.sys
    2007-05-06 20:58 6,144 -ra------ C:\WINNT\system32\NvRaidSvEnu.dll
    2007-05-06 20:58 56,960 -ra------ C:\WINNT\system32\drivers\nvnrm.sys
    2007-05-06 20:58 396,800 -ra------ C:\WINNT\system32\NvRaidWizard.dll
    2007-05-06 20:58 33,280 -ra------ C:\WINNT\system32\drivers\NVENETFD.sys
    2007-05-06 20:58 32,256 -ra------ C:\WINNT\system32\nvconrm.dll
    2007-05-06 20:58 32,256 -ra------ C:\WINNT\system32\NVCOG.DLL
    2007-05-06 20:58 294,400 -ra------ C:\WINNT\system32\idecoi.dll
    2007-05-06 20:58 244,224 -ra------ C:\WINNT\system32\NvRaidMan.exe
    2007-05-06 20:58 21,760 -ra------ C:\WINNT\system32\drivers\nv_agp.SYS
    2007-05-06 20:58 20,480 -ra------ C:\WINNT\system32\NvRaidEnu.dll
    2007-05-06 20:58 198,656 -ra------ C:\WINNT\system32\fdco1.dll
    2007-05-06 20:58 191,232 -ra------ C:\WINNT\system32\drivers\nvsnpu.sys
    2007-05-06 20:58 18,432 --a------ C:\WINNT\system32\nvraidco.dll
    2007-05-06 20:58 172,032 -ra------ C:\WINNT\system32\nvusmb.exe
    2007-05-06 20:58 172,032 -ra------ C:\WINNT\system32\nvuide.exe
    2007-05-06 20:58 172,032 --a------ C:\WINNT\system32\nvunrm.exe
    2007-05-06 20:58 172,032 --a------ C:\WINNT\system32\NVUNINST.EXE
    2007-05-06 20:58 172,032 --a------ C:\WINNT\system32\nvugart.exe
    2007-05-06 20:58 12,928 -ra------ C:\WINNT\system32\drivers\nvnetbus.sys
    2007-05-06 20:57 38,912 --a------ C:\WINNT\system32\drivers\AmdK8.sys
    2007-05-06 20:57 <KANSIO> d-------- C:\WINNT\system32\ReinstallBackups
    2007-05-06 20:57 <KANSIO> d-------- C:\Program Files\AMD
    2007-05-06 20:56 9,389,568 -ra------ C:\WINNT\system32\RTLCPL.EXE
    2007-05-06 20:56 77,824 -ra------ C:\WINNT\SOUNDMAN.EXE
    2007-05-06 20:56 60,288 --a------ C:\WINNT\system32\drivers\drmk.sys
    2007-05-06 20:56 48,640 --a------ C:\WINNT\system32\drivers\stream.sys
    2007-05-06 20:56 40,960 -r------- C:\WINNT\system32\ChCfg.exe
    2007-05-06 20:56 4,096 --a------ C:\WINNT\system32\ksuser.dll
    2007-05-06 20:56 294,912 -r------- C:\WINNT\alcupd.exe
    2007-05-06 20:56 200,704 -r------- C:\WINNT\alcrmv.exe
    2007-05-06 20:56 2,319,680 -ra------ C:\WINNT\system32\drivers\ALCXWDM.SYS
    2007-05-06 20:56 156,672 -ra------ C:\WINNT\system32\RTLCPAPI.dll
    2007-05-06 20:56 145,792 --a------ C:\WINNT\system32\drivers\portcls.sys
    2007-05-06 20:56 140,928 --a------ C:\WINNT\system32\drivers\ks.sys
    2007-05-06 20:56 1,360 -r------- C:\WINNT\system32\drivers\alcxinit.dat
    2007-05-06 20:56 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-06 20:56 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2007-05-06 20:56 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
    2007-05-06 20:56 <KANSIO> d-------- C:\Program Files\AvRack
    2007-05-06 20:51 5,824 --a------ C:\WINNT\system32\drivers\ASUSHWIO.SYS
    2007-05-06 20:40 1,048,576 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
    2007-05-06 20:40 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
    2007-05-06 20:37 <KANSIO> d-------- C:\WINNT\system32\xircom
    2007-05-06 20:36 <KANSIO> d-------- C:\WINNT\system32\Macromed
    2007-05-06 20:36 <KANSIO> d-------- C:\WINNT\system32\DirectX
    2007-05-06 20:36 <KANSIO> d-------- C:\WINNT\srchasst
    2007-05-06 20:35 86,016 --a------ C:\WINNT\system32\isign32.dll
    2007-05-06 20:35 81,920 --a------ C:\WINNT\system32\ils.dll
    2007-05-06 20:35 73,728 --a------ C:\WINNT\system32\icwdial.dll
    2007-05-06 20:35 73,472 --a------ C:\WINNT\system32\drivers\sr.sys
    2007-05-06 20:35 69,632 --a------ C:\WINNT\system32\msconf.dll
    2007-05-06 20:35 679,424 --a------ C:\WINNT\system32\inetcomm.dll
    2007-05-06 20:35 67,584 --a------ C:\WINNT\system32\srclient.dll
    2007-05-06 20:35 65,536 --a------ C:\WINNT\system32\icwphbk.dll
    2007-05-06 20:35 64,512 --a------ C:\WINNT\system32\acctres.dll
    2007-05-06 20:35 48,640 --a------ C:\WINNT\system32\inetres.dll
    2007-05-06 20:35 45,568 --a------ C:\WINNT\system32\safrslv.dll
    2007-05-06 20:35 43,520 --a------ C:\WINNT\system32\safrcdlg.dll
    2007-05-06 20:35 43,520 --a------ C:\WINNT\system32\racpldlg.dll
    2007-05-06 20:35 382,464 --a------ C:\WINNT\system32\qmgr.dll
    2007-05-06 20:35 34,560 --a------ C:\WINNT\system32\mnmdd.dll
    2007-05-06 20:35 32,768 --a------ C:\WINNT\system32\mnmsrvc.exe
    2007-05-06 20:35 32,768 --a------ C:\WINNT\system32\isrdbg32.dll
    2007-05-06 20:35 29,696 --a------ C:\WINNT\system32\safrdm.dll
    2007-05-06 20:35 28,672 --a------ C:\WINNT\system32\nmmkcert.dll
    2007-05-06 20:35 278,528 --a------ C:\WINNT\system32\inetcfg.dll
    2007-05-06 20:35 276,480 --a------ C:\WINNT\system32\mstask.dll
    2007-05-06 20:35 252,928 --a------ C:\WINNT\system32\msoeacct.dll
    2007-05-06 20:35 240,640 --a------ C:\WINNT\system32\srrstr.dll
    2007-05-06 20:35 190,976 --a------ C:\WINNT\system32\schedsvc.dll
    2007-05-06 20:35 18,944 --a------ C:\WINNT\system32\qmgrprxy.dll
    2007-05-06 20:35 170,496 --a------ C:\WINNT\system32\srsvc.dll
    2007-05-06 20:35 16,384 --a------ C:\WINNT\system32\icfgnt5.dll
    2007-05-06 20:35 12,288 --a------ C:\WINNT\system32\nmevtmsg.dll
    2007-05-06 20:35 12,288 --a------ C:\WINNT\system32\mstinit.exe
    2007-05-06 20:35 11,264 --a------ C:\WINNT\system32\atrace.dll
    2007-05-06 20:35 105,984 --a------ C:\WINNT\system32\msoert2.dll
    2007-05-06 20:35 <KANSIO> d-------- C:\WINNT\system32\Restore
    2007-05-06 20:35 <KANSIO> d-------- C:\WINNT\PCHEALTH
    2007-05-06 20:35 <KANSIO> d-------- C:\Program Files\Movie Maker
    2007-05-06 20:35 <KANSIO> d-------- C:\Program Files\Common Files\MSSoap
    2007-05-06 20:34 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
    2007-05-06 20:34 <KANSIO> d-------- C:\WINNT\system32\FxsTmp
    2007-05-06 20:34 <KANSIO> d-------- C:\Program Files\Online Services
    2007-05-06 20:33 97,792 --a------ C:\WINNT\system32\comrepl.dll
    2007-05-06 20:33 956,416 --a------ C:\WINNT\system32\msdtctm.dll
    2007-05-06 20:33 93,696 --a------ C:\WINNT\system32\tscfgwmi.dll
    2007-05-06 20:33 91,136 --a------ C:\WINNT\system32\mtxoci.dll
    2007-05-06 20:33 9,728 --a------ C:\WINNT\system32\reset.exe
    2007-05-06 20:33 87,176 --a------ C:\WINNT\system32\rdpwsx.dll
    2007-05-06 20:33 85,504 --a------ C:\WINNT\system32\catsrvps.dll
    2007-05-06 20:33 80,896 --a------ C:\WINNT\system32\charmap.exe
    2007-05-06 20:33 8,704 --a------ C:\WINNT\system32\fxsperf.dll
    2007-05-06 20:33 73,216 --a------ C:\WINNT\system32\avwav.dll
    2007-05-06 20:33 72,192 --a------ C:\WINNT\system32\fxscom.dll
    2007-05-06 20:33 67,072 --a------ C:\WINNT\system32\rdshost.exe
    2007-05-06 20:33 655,360 --a------ C:\WINNT\system32\mstscax.dll
    2007-05-06 20:33 625,152 --a------ C:\WINNT\system32\catsrvut.dll
    2007-05-06 20:33 62,464 --a------ C:\WINNT\system32\rdpclip.exe
    2007-05-06 20:33 605,696 --a------ C:\WINNT\system32\getuname.dll
    2007-05-06 20:33 60,416 --a------ C:\WINNT\system32\remotepg.dll
    2007-05-06 20:33 60,416 --a------ C:\WINNT\system32\colbact.dll
    2007-05-06 20:33 6,656 --a------ C:\WINNT\system32\wuauserv.dll
    2007-05-06 20:33 6,656 --a------ C:\WINNT\system32\fxsres.dll
    2007-05-06 20:33 6,144 --a------ C:\WINNT\system32\msdtc.exe
    2007-05-06 20:33 58,880 --a------ C:\WINNT\system32\msdtclog.dll
    2007-05-06 20:33 58,880 --a------ C:\WINNT\system32\licwmi.dll
    2007-05-06 20:33 57,344 --a------ C:\WINNT\system32\fxsevent.dll
    2007-05-06 20:33 562,176 --a------ C:\WINNT\system32\fxsst.dll
    2007-05-06 20:33 56,832 --a------ C:\WINNT\system32\sol.exe
    2007-05-06 20:33 56,320 --a------ C:\WINNT\system32\servdeps.dll
    2007-05-06 20:33 55,296 --a------ C:\WINNT\system32\freecell.exe
    2007-05-06 20:33 540,160 --a------ C:\WINNT\system32\comuid.dll
    2007-05-06 20:33 54,272 --a------ C:\WINNT\system32\stclient.dll
    2007-05-06 20:33 538,624 --a------ C:\WINNT\system32\spider.exe
    2007-05-06 20:33 53,080 --a------ C:\WINNT\system32\wuauclt.exe
    2007-05-06 20:33 5,632 --a------ C:\WINNT\system32\write.exe
    2007-05-06 20:33 5,120 --a------ C:\WINNT\system32\dcomcnfg.exe
    2007-05-06 20:33 498,688 --a------ C:\WINNT\system32\clbcatq.dll
    2007-05-06 20:33 452,096 --a------ C:\WINNT\system32\fxsapi.dll
    2007-05-06 20:33 44,544 --a------ C:\WINNT\system32\tscupgrd.exe
    2007-05-06 20:33 44,544 --a------ C:\WINNT\system32\hticons.dll
    2007-05-06 20:33 426,496 --a------ C:\WINNT\system32\msdtcprx.dll
    2007-05-06 20:33 404,992 --a------ C:\WINNT\system32\mstsc.exe
    2007-05-06 20:33 400,384 --a------ C:\WINNT\system32\fxsxp32.dll
    2007-05-06 20:33 40,840 --a------ C:\WINNT\system32\drivers\termdd.sys
    2007-05-06 20:33 4,096 --a------ C:\WINNT\system32\rdpcfgex.dll
    2007-05-06 20:33 4,096 --a------ C:\WINNT\system32\mtxex.dll
    2007-05-06 20:33 397,312 --a------ C:\WINNT\system32\fxstiff.dll
    2007-05-06 20:33 39,424 --a------ C:\WINNT\system32\cfgbkend.dll
    2007-05-06 20:33 350,208 --a------ C:\WINNT\system32\hypertrm.dll
    2007-05-06 20:33 35,328 --a------ C:\WINNT\system32\winchat.exe
    2007-05-06 20:33 344,064 --a------ C:\WINNT\system32\mspaint.exe
    2007-05-06 20:33 33,792 --a------ C:\WINNT\system32\regini.exe
    2007-05-06 20:33 31,744 --a------ C:\WINNT\system32\fxsroute.dll
    2007-05-06 20:33 295,424 --a------ C:\WINNT\system32\termsrv.dll
    2007-05-06 20:33 285,184 --a------ C:\WINNT\system32\fxscomex.dll
    2007-05-06 20:33 27,136 --a------ C:\WINNT\system32\fxsdrv.dll
    2007-05-06 20:33 268,800 --a------ C:\WINNT\system32\fxssvc.exe
    2007-05-06 20:33 25,600 --a------ C:\WINNT\system32\comaddin.dll
    2007-05-06 20:33 25,088 --a------ C:\WINNT\system32\mtxlegih.dll
    2007-05-06 20:33 246,272 --a------ C:\WINNT\system32\fxst30.dll
    2007-05-06 20:33 231,936 --a------ C:\WINNT\system32\fxscover.exe
    2007-05-06 20:33 23,552 --a------ C:\WINNT\system32\fxsmon.dll
    2007-05-06 20:33 23,552 --a------ C:\WINNT\system32\fxsext32.dll
    2007-05-06 20:33 227,840 --a------ C:\WINNT\system32\avtapi.dll
    2007-05-06 20:33 225,792 --a------ C:\WINNT\system32\catsrv.dll
    2007-05-06 20:33 22,016 --a------ C:\WINNT\system32\qwinsta.exe
    2007-05-06 20:33 21,896 --a------ C:\WINNT\system32\drivers\tdtcp.sys
    2007-05-06 20:33 21,504 --a------ C:\WINNT\system32\msg.exe
    2007-05-06 20:33 20,480 --a------ C:\WINNT\system32\qprocess.exe
    2007-05-06 20:33 20,480 --a------ C:\WINNT\system32\mtxdm.dll
    2007-05-06 20:33 196,864 --a------ C:\WINNT\system32\drivers\rdpdr.sys
    2007-05-06 20:33 194,048 --a------ C:\WINNT\system32\fxswzrd.dll
    2007-05-06 20:33 19,968 --a------ C:\WINNT\system32\rdpsnd.dll
    2007-05-06 20:33 186,368 --a------ C:\WINNT\system32\accwiz.exe
    2007-05-06 20:33 185,344 --a------ C:\WINNT\system32\cmprops.dll
    2007-05-06 20:33 17,408 --a------ C:\WINNT\system32\tsshutdn.exe
    2007-05-06 20:33 17,408 --a------ C:\WINNT\system32\mmfutil.dll
    2007-05-06 20:33 161,280 --a------ C:\WINNT\system32\msdtcuiu.dll
    2007-05-06 20:33 16,896 --a------ C:\WINNT\system32\qappsrv.exe
    2007-05-06 20:33 16,384 --a------ C:\WINNT\system32\tskill.exe
    2007-05-06 20:33 16,384 --a------ C:\WINNT\system32\avmeter.dll
    2007-05-06 20:33 155,136 --a------ C:\WINNT\system32\fxsui.dll
    2007-05-06 20:33 15,872 --a------ C:\WINNT\system32\rwinsta.exe
    2007-05-06 20:33 15,872 --a------ C:\WINNT\system32\cdmodem.dll
    2007-05-06 20:33 15,360 --a------ C:\WINNT\system32\tscon.exe
    2007-05-06 20:33 15,360 --a------ C:\WINNT\system32\logoff.exe
    2007-05-06 20:33 147,968 --a------ C:\WINNT\system32\rdchost.dll
    2007-05-06 20:33 147,456 --a------ C:\WINNT\system32\comsnap.dll
    2007-05-06 20:33 143,360 --a------ C:\WINNT\system32\fxsclnt.exe
    2007-05-06 20:33 140,800 --a------ C:\WINNT\system32\sessmgr.exe
    2007-05-06 20:33 14,848 --a------ C:\WINNT\system32\tsdiscon.exe
    2007-05-06 20:33 14,848 --a------ C:\WINNT\system32\shadow.exe
    2007-05-06 20:33 139,528 --a------ C:\WINNT\system32\drivers\rdpwd.sys
    2007-05-06 20:33 138,752 --a------ C:\WINNT\system32\sndvol32.exe
    2007-05-06 20:33 135,680 --a------ C:\WINNT\system32\fxsclntR.dll
    2007-05-06 20:33 131,584 --a------ C:\WINNT\system32\sndrec32.exe
    2007-05-06 20:33 13,824 --a------ C:\WINNT\system32\rdsaddin.exe
    2007-05-06 20:33 126,976 --a------ C:\WINNT\system32\mshearts.exe
    2007-05-06 20:33 123,392 --a------ C:\WINNT\system32\mplay32.exe
    2007-05-06 20:33 12,040 --a------ C:\WINNT\system32\drivers\tdpipe.sys
    2007-05-06 20:33 119,808 --a------ C:\WINNT\system32\winmine.exe
    2007-05-06 20:33 114,688 --a------ C:\WINNT\system32\calc.exe
    2007-05-06 20:33 111,616 --a------ C:\WINNT\system32\fxscfgwz.dll
    2007-05-06 20:33 110,080 --a------ C:\WINNT\system32\clbcatex.dll
    2007-05-06 20:33 11,776 --a------ C:\WINNT\system32\xolehlp.dll
    2007-05-06 20:33 11,264 --a------ C:\WINNT\system32\icaapi.dll
    2007-05-06 20:33 11,264 --a------ C:\WINNT\system32\fxssend.exe
    2007-05-06 20:33 102,400 --a------ C:\WINNT\system32\clipbrd.exe
    2007-05-06 20:33 1,710,936 --a------ C:\WINNT\system32\wuaueng.dll
    2007-05-06 20:33 1,267,200 --a------ C:\WINNT\system32\comsvcs.dll
    2007-05-06 20:33 1,161 --a------ C:\WINNT\system32\usrlogon.cmd
    2007-05-06 20:33 <KANSIO> d-------- C:\WINNT\system32\MsDtc
    2007-05-06 20:33 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
    2007-05-06 20:33 <KANSIO> d-------- C:\Program Files\Messenger
    2007-05-06 20:32 6,400 --a------ C:\WINNT\system32\drivers\splitter.sys
    2007-05-06 20:32 52,864 --a------ C:\WINNT\system32\drivers\dmusic.sys
    2007-05-06 20:31 57,216 --a------ C:\WINNT\system32\drivers\redbook.sys
    2007-05-06 20:30 30,282 --a------ C:\WINNT\system32\drivers\pcntn5hl.sys
    2007-05-06 20:30 2,944 --a------ C:\WINNT\system32\drivers\msmpu401.sys
    2007-05-06 20:29 3,072 --a------ C:\WINNT\system32\drivers\audstub.sys
    2007-05-06 20:28 8,192 -ra------ C:\WINNT\system32\kbdhept.dll
    2007-05-06 20:28 74,240 --a------ C:\WINNT\system32\storprop.dll
    2007-05-06 20:28 7,168 -ra------ C:\WINNT\system32\kbdcz.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdycl.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdsl1.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdsl.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdpl.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdhu.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdhela3.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdcz2.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdcz1.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\kbdcr.dll
    2007-05-06 20:28 6,656 -ra------ C:\WINNT\system32\KBDAL.DLL
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdtuq.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdtuf.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdlv1.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdlv.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdhela2.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdgkl.dll
    2007-05-06 20:28 6,144 -ra------ C:\WINNT\system32\kbdest.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdro.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdpl1.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdmon.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdlt1.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdlt.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdkyr.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdhu1.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdhe319.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdhe220.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdhe.dll
    2007-05-06 20:28 5,632 -ra------ C:\WINNT\system32\kbdazel.dll
    2007-05-06 20:28 24,661 --a------ C:\WINNT\system32\spxcoins.dll
    2007-05-06 20:28 176,157 --a------ C:\WINNT\system32\dgrpsetu.dll
    2007-05-06 20:28 13,312 --a------ C:\WINNT\system32\irclass.dll
    2007-05-06 20:28 11,264 --a------ C:\WINNT\system32\drivers\irenum.sys
    2007-05-06 20:28 103,424 --a------ C:\WINNT\system32\EqnClass.Dll
    2007-05-06 20:28 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Tulostinympäristö
    2007-05-06 20:28 <KANSIO> d-------- C:\WINNT\system32\CatRoot2
    2007-05-06 20:28 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
    2007-05-06 20:18 <KANSIO> d--hs---- C:\WINNT\Installer
    2007-05-06 20:18 <KANSIO> d-------- C:\WINNT\system32\NtmsData
    2007-05-06 20:17 3,932,160 --ah----- C:\Documents and Settings\TUOMAS~1\NTUSER.DAT
    2007-05-06 20:17 3,932,160 --ah----- C:\DOCUME~1\TUOMAS~1\NTUSER.DAT
    2007-05-06 20:17 <KANSIO> dr------- C:\Documents and Settings\TUOMAS~1\Suosikit
    2007-05-06 20:17 <KANSIO> dr------- C:\Documents and Settings\TUOMAS~1\Omat tiedostot
    2007-05-06 20:17 <KANSIO> dr------- C:\DOCUME~1\TUOMAS~1\Suosikit
    2007-05-06 20:17 <KANSIO> dr------- C:\DOCUME~1\TUOMAS~1\Omat tiedostot
    2007-05-06 20:17 <KANSIO> d--hs---- C:\System Volume Information
    2007-05-06 20:17 <KANSIO> d--h----- C:\WINNT\system32\GroupPolicy
    2007-05-06 20:17 <KANSIO> d--h----- C:\Documents and Settings\TUOMAS~1\Verkkoympäristö
    2007-05-06 20:17 <KANSIO> d--h----- C:\Documents and Settings\TUOMAS~1\Mallit
    2007-05-06 20:17 <KANSIO> d--h----- C:\Documents and Settings\TUOMAS~1\Kirjoitinympäristö
    2007-05-06 20:17 <KANSIO> d--h----- C:\DOCUME~1\TUOMAS~1\Verkkoympäristö
    2007-05-06 20:17 <KANSIO> d--h----- C:\DOCUME~1\TUOMAS~1\Mallit
    2007-05-06 20:17 <KANSIO> d--h----- C:\DOCUME~1\TUOMAS~1\Kirjoitinympäristö
    2007-05-06 20:17 <KANSIO> d-------- C:\WINNT\CSC
    2007-05-06 20:17 <KANSIO> d-------- C:\Documents and Settings\TUOMAS~1\Työpöytä
    2007-05-06 20:17 <KANSIO> d-------- C:\Documents and Settings\TUOMAS~1\Käynnistä-valikko
    2007-05-06 20:17 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\Työpöytä
    2007-05-06 20:17 <KANSIO> d-------- C:\DOCUME~1\TUOMAS~1\Käynnistä-valikko
    2007-05-06 20:14 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
    2007-05-06 20:14 0 -rahs---- C:\MSDOS.SYS
    2007-05-06 20:14 0 -rahs---- C:\IO.SYS
    2007-05-06 20:14 0 --ah----- C:\CONFIG.SYS
    2007-05-06 20:14 0 --------- C:\AUTOEXEC.BAT
    2007-05-06 20:14 <KANSIO> d-------- C:\WINNT\system32\rpcproxy
    2007-05-06 20:14 <KANSIO> d-------- C:\WINNT\system32\rocket
    2007-05-06 20:14 <KANSIO> d-------- C:\WINNT\system32\inetsrv
    2007-05-06 20:14 <KANSIO> d-------- C:\WINNT\mww32
    2007-05-06 20:14 <KANSIO> d-------- C:\Program Files\microsoft frontpage
    2007-05-06 20:13 112,128 --a------ C:\WINNT\system32\mapi32.dll
    2007-05-06 20:13 <KANSIO> dr------- C:\WINNT\Offline Web Pages
    2007-05-06 20:13 <KANSIO> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
    2007-05-06 20:13 <KANSIO> d---s---- C:\WINNT\Tasks
    2007-05-06 20:13 <KANSIO> d---s---- C:\WINNT\Downloaded Program Files
    2007-05-06 20:12 22,224 --a------ C:\WINNT\system32\emptyregdb.dat
    2007-05-06 20:12 <KANSIO> d-------- C:\WINNT\Registration


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-31 22:22:07 78,494 ----a-w C:\WINNT\system32\perfc00B.dat
    2007-05-31 22:22:07 397,902 ----a-w C:\WINNT\system32\perfh00B.dat
    2007-05-07 08:19:35 12,400 ----a-w C:\WINNT\system32\drivers\secdrv.sys
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINNT\system32\msi.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
    2007-04-09 12:27:07 31,548 ----a-w C:\WINNT\system32\drivers\scdemu.sys
    2007-03-23 03:07:56 1,683,280 ------w C:\WINNT\system32\XpsSvcs.dll
    2007-03-23 03:07:54 583,504 ------w C:\WINNT\system32\XPSSHHDR.dll
    2007-03-22 17:25:02 124,928 ------w C:\WINNT\system32\prntvpt.dll
    2007-03-17 13:44:51 292,864 ----a-w C:\WINNT\system32\winsrv.dll
    2007-03-08 15:38:00 578,048 ----a-w C:\WINNT\system32\user32.dll
    2007-03-08 15:37:59 40,960 ----a-w C:\WINNT\system32\mf3216.dll
    2007-03-08 15:37:59 281,600 ----a-w C:\WINNT\system32\gdi32.dll
    2007-03-08 15:34:26 1,843,840 ----a-w C:\WINNT\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 15:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-09-14 16:12]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"=internat.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hp psc 1000 series.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hp psc 1000 series.lnk
    backup=C:\WINNT\pss\hp psc 1000 series.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^hpoddt01.exe.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\hpoddt01.exe.lnk
    backup=C:\WINNT\pss\hpoddt01.exe.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINNT\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    mobsync.exe /logon

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-06 22:17:52 C:\WINNT\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1178489844.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-01 12:11:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-01 12:11:55

    --- E O F ---

    NEW HJT

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:15:40, on 1.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\nvraidservice.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\System32\wbem\unsecapp.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tuomas Karhu\Työpöytä\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'Verkkopalve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178481244437
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINNT\system32\fxssvc.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINNT\System32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\System32\tlntsvr.exe
    O23 - Service: Toimintojen hallinta (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8849 bytes
     
  8. Auttaja

    Auttaja Guest

    Check your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install (Asenna)
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the entire text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread
     
  9. Tumppi_k

    Tumppi_k Member

    Damn... Internet Explorer gave an error report. :mad:

    I'll have to set one running again since it seems to take a while. Is there anything else I could do?
     
  10. Tumppi_k

    Tumppi_k Member

     
  11. Tumppi_k

    Tumppi_k Member

    Ok! Here's the f-s online scanner report at last..

    Scanning Report
    Friday, June 01, 2007 22:46:28 - 07:18:42
    Computer name: AMD
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ G:\


    --------------------------------------------------------------------------------

    Result: 11 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    System
    System
    System
    System
    System

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 41275
    System: 4424
    Not scanned: 3
    Actions:
    Disinfected: 1
    Renamed: 0
    Deleted: 0
    None: 10
    Submitted: 0
    Files not scanned:
    C:\PAGEFILE.SYS
    C:\WINNT\SYSTEM32\CONFIG\DEFAULT
    C:\WINNT\SOFTWAREDISTRIBUTION\EVENTCACHE\{347823D3-0635-43D3-B6AD-0EFBCF09BAAE}.BIN

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-06-01
    F-Secure AVP: 7.0.171, 2007-06-01
    F-Secure Orion: 1.2.37, 2007-06-01
    F-Secure Blacklight: 1.0.53
    F-Secure Draco: 1.0.35, 2007-05-29
    F-Secure Pegasus: 1.19.0, 2007-04-28
    Scanning options:
    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    Use Advanced heuristics
     
  12. Auttaja

    Auttaja Guest

    Post one more new HJT log
     
