win-antivirus, error safe etc. - hjt log

Discussion in 'Viruses and malware - HijackThis logs' started by pimatsu78, Jan 23, 2007.

  1. pimatsu78

    pimatsu78 Guest

    My computer keeps throwing win-antivirus pages and error safe junk into the web browser.

    F-Secure doesn't find any viruses, but Ad-Aware keeps finding some odd stuff.

    The computer runs insanely slowly. CPU usage is constantly at 100%, e.g. when using DC++, Nero, filmmachine...

    I looked for advice in earlier discussions, and there people were asked to download HijackThis and post the log here.

    I have done so and was hoping some kind person could take a look at it.

    I should point out that I'm a real "pimatsu" with this computer, but I still want to try it myself. So if you, kind person, could explain in plain language whether something is wrong. A thousand thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 20:30:15, on 23.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Omat lataukset\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bfdtqqcq.dll",setvm
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1168884208781
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1168891235453
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
  2. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    Vundo can sometimes hide the 02 and 020 lines; renaming brings them out, so rename hjt to e.g. C:\hjt\scanner.exe
    and post a fresh hjt log :)
     
  3. pimatsu78

    pimatsu78 Guest

    I messed up a bit. I ran the hijackthis thing again and then it got saved as a notepad file under that name, which I then changed to scanner.exe; the end result looks pretty much the same as the previous one.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:50:30, on 23.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Omat lataukset\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bfdtqqcq.dll",setvm
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168884208781
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168891235453
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
  4. hilu

    hilu Member

    let's do it once more like this:

    go to the folder where hjt is, right-click it, choose rename from the menu, type "scanner" there and press enter

    after that, run the renamed hjt and post a fresh log
     
  5. pimatsu78

    pimatsu78 Guest

    well heck, skip the previous one... you meant renaming the whole program and not the notepad file : ) try explaining things to someone like me : )

    here's the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:57:39, on 23.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Omat lataukset\The FilmMachine\The FilmMachine\The FilmMachine.exe
    C:\Program Files\Omat lataukset\The FilmMachine\The FilmMachine\QuEnc\QuEnc.exe
    C:\Program Files\Omat lataukset\HiJackThis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\eptjlutj.dll (file missing)
    O2 - BHO: (no name) - {878775D2-498A-4DE3-B298-94AD24CE59E4} - C:\WINDOWS\System32\ddccy.dll
    O2 - BHO: (no name) - {AC16C3BC-AEBE-4B17-B0AD-D2B7F76DFAB8} - C:\WINDOWS\System32\urqnkhi.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bfdtqqcq.dll",setvm
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168884208781
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168891235453
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ddccy - C:\WINDOWS\System32\ddccy.dll
    O20 - Winlogon Notify: urqnkhi - C:\WINDOWS\SYSTEM32\urqnkhi.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
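
The log above, taken after the scanner executable was renamed, lists O2 and O20 lines that the scan saved at 21:50:30 did not. The following sketch is an added example, not part of the original thread: it parses two HijackThis logs and reports the entries that appear only in the second one. The function names are illustrative, and the two sample logs are shortened excerpts of the scans posted in this thread.

```python
import re
from collections import defaultdict

# Entry lines look like "O2 - BHO: ..." or "R0 - HKCU\...": a section code,
# a dash, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*\S)$")


def _norm(entry):
    # Windows paths are case-insensitive (System32 vs SYSTEM32), so compare
    # entries case-folded and with whitespace collapsed.
    return " ".join(entry.split()).casefold()


def parse_hjt_log(text):
    """Split a HijackThis log into running processes and per-section entries."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def diff_scans(before, after):
    """Entries present in `after` but missing from `before`, per section."""
    report = {}
    for section, items in after["entries"].items():
        seen = {_norm(e) for e in before["entries"].get(section, [])}
        new = [e for e in items if _norm(e) not in seen]
        if new:
            report[section] = {
                "new": new,
                # True when the first scan showed nothing at all for this section.
                "section_was_absent": section not in before["entries"],
            }
    return report


def hidden_sections(report):
    """Section codes that only became visible in the second scan."""
    absent = [s for s, r in report.items() if r["section_was_absent"]]
    return sorted(absent, key=lambda s: (s[0], int(s[1:])))


# Shortened excerpt of the scan run as HijackThis.exe (21:50:30).
SCAN_AS_HIJACKTHIS = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:50:30, on 23.1.2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Omat lataukset\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bfdtqqcq.dll",setvm
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Shortened excerpt of the scan run as scanner.exe.exe (22:57:39).
SCAN_AS_SCANNER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:57:39, on 23.1.2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Omat lataukset\HiJackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\eptjlutj.dll (file missing)
O2 - BHO: (no name) - {878775D2-498A-4DE3-B298-94AD24CE59E4} - C:\WINDOWS\System32\ddccy.dll
O2 - BHO: (no name) - {AC16C3BC-AEBE-4B17-B0AD-D2B7F76DFAB8} - C:\WINDOWS\System32\urqnkhi.dll
O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bfdtqqcq.dll",setvm
O20 - Winlogon Notify: ddccy - C:\WINDOWS\System32\ddccy.dll
O20 - Winlogon Notify: urqnkhi - C:\WINDOWS\SYSTEM32\urqnkhi.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    first = parse_hjt_log(SCAN_AS_HIJACKTHIS)
    second = parse_hjt_log(SCAN_AS_SCANNER)
    result = diff_scans(first, second)
    print("Sections visible only in the second scan:", hidden_sections(result))
    for section, info in result.items():
        for entry in info["new"]:
            print(f"  + {section} - {entry}")
```
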

     
  6. hilu

    hilu Member

    submit to virustotal: C:\WINDOWS\System32\bfdtqqcq.dll

    www.virustotal.com

    at the top there is a white box with "browse" next to it

    browse to the file above, click send, and post the results

    Download VundoFix.exe to your desktop.
    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo button.
    - When the scan is complete, click the Remove Vundo button.
    - You will be asked whether you want to remove the files - click YES.
    - Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    - When it is done, the fix will announce that it will restart your computer; click OK.
    - Post the contents of the C:\vundofix.txt log.

    Note: It is possible that VundoFix found a file it could not remove.
    In this situation, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears on restart.

    -----------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the combofix window while it is running. This may cause the program to hang.

    ---------------------------------------------------------------------

    open hjt and close all other windows
    click do a system scan only
    check: (put a tick in front of the lines; not all of them will necessarily be found any more)

    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\eptjlutj.dll (file missing)
    O2 - BHO: (no name) - {878775D2-498A-4DE3-B298-94AD24CE59E4} - C:\WINDOWS\System32\ddccy.dll
    O2 - BHO: (no name) - {AC16C3BC-AEBE-4B17-B0AD-D2B7F76DFAB8} - C:\WINDOWS\System32\urqnkhi.dll
    O4 - HKLM\..\Run: [MS System Call Function] MSSCF32.exe
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\RunServices: [MS System Call Function] MSSCF32.exe
    O4 - HKCU\..\Run: [MS System Call Function] MSSCF32.exe
    O20 - Winlogon Notify: ddccy - C:\WINDOWS\System32\ddccy.dll
    O20 - Winlogon Notify: urqnkhi - C:\WINDOWS\SYSTEM32\urqnkhi.dll
    click fix checked

    boot into safe mode
    you get into safe mode by tapping F8 during startup

    delete, if found:

    C:\WINDOWS\System32\eptjlutj.dll
    C:\WINDOWS\System32\ddccy.dll
    C:\WINDOWS\System32\urqnkhi.dll
    C:\WINDOWS\System32\lssas.exe
    C:\WINDOWS\System32\logon.exe

    use the search function and delete, if found:

    MSSCF32.exe

    boot normally

    download eScan
    and follow the instructions on the page

    post:
    the contents of C:\vundofix.txt
    the combofix log
    the eScan results (lower box)
    the virustotal results
    a fresh hjt log
     
    Last edited: Jan 24, 2007
  7. pimatsu78

    pimatsu78 Guest

    The e-scan one was so big that I couldn't get it attached here, and I've lost the virustotal one somewhere; I guess I didn't really know how to do it. The others are below, in case they're of any help.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:36:21, on 25.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Omat lataukset\Viruskansio\HiJackThis\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168884208781
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168891235453
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    __________________________________________

    VundoFix V6.3.2

    Checking Java version...

    Java version is 1.4.2.3

    Scan started at 21:20:32 24.1.2007

    Listing files found while scanning....

    C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\WINDOWS\system32\bfdtqqcq.dll
    C:\WINDOWS\System32\ddccy.dll
    C:\WINDOWS\System32\eptjlutj.dll
    C:\WINDOWS\system32\nqnvacye.exe
    C:\WINDOWS\system32\qcqqtdfb.ini
    C:\WINDOWS\system32\urqnkhi.dll
    C:\WINDOWS\System32\yccdd.bak1
    C:\WINDOWS\System32\yccdd.bak2
    C:\WINDOWS\System32\yccdd.ini

    Beginning removal...

    Attempting to delete C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

    Attempting to delete C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Tonja Manninen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bfdtqqcq.dll
    C:\WINDOWS\system32\bfdtqqcq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\ddccy.dll
    C:\WINDOWS\System32\ddccy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqnvacye.exe
    C:\WINDOWS\system32\nqnvacye.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qcqqtdfb.ini
    C:\WINDOWS\system32\qcqqtdfb.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqnkhi.dll
    C:\WINDOWS\system32\urqnkhi.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\yccdd.bak1
    C:\WINDOWS\System32\yccdd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\yccdd.bak2
    C:\WINDOWS\System32\yccdd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\yccdd.ini
    C:\WINDOWS\System32\yccdd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqnkhi.dll
    C:\WINDOWS\system32\urqnkhi.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    _____________________________________________________________

    2007-01-15 16:02 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2007-01-15 16:02 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2007-01-15 16:02 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2007-01-15 16:02 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2007-01-15 16:02 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2007-01-15 16:02 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2007-01-15 16:02 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2007-01-15 16:02 276,480 --a------ C:\WINDOWS\system32\mstask.dll
    2007-01-15 16:02 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2007-01-15 16:02 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2007-01-15 16:02 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2007-01-15 16:02 <KANSIO> d-------- C:\WINDOWS\system32\Restore
    2007-01-15 16:02 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
    2007-01-15 16:02 <KANSIO> d-------- C:\WINDOWS\srchasst
    2007-01-15 16:02 <KANSIO> d-------- C:\WINDOWS\Registration
    2007-01-15 16:02 <KANSIO> d-------- C:\WINDOWS\PCHealth
    2007-01-15 16:02 <KANSIO> d-------- C:\Program Files\Movie Maker
    2007-01-15 16:01 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2007-01-15 16:01 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2007-01-15 16:01 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2007-01-15 16:01 80,896 --a------ C:\WINDOWS\system32\charmap.exe
    2007-01-15 16:01 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2007-01-15 16:01 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2007-01-15 16:01 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2007-01-15 16:01 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2007-01-15 16:01 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2007-01-15 16:01 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2007-01-15 16:01 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2007-01-15 16:01 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2007-01-15 16:01 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2007-01-15 16:01 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2007-01-15 16:01 5,632 --a------ C:\WINDOWS\system32\write.exe
    2007-01-15 16:01 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2007-01-15 16:01 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2007-01-15 16:01 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2007-01-15 16:01 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2007-01-15 16:01 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2007-01-15 16:01 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2007-01-15 16:01 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2007-01-15 16:01 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2007-01-15 16:01 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2007-01-15 16:01 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2007-01-15 16:01 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2007-01-15 16:01 21,504 --a------ C:\WINDOWS\system32\msg.exe
    2007-01-15 16:01 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2007-01-15 16:01 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2007-01-15 16:01 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2007-01-15 16:01 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2007-01-15 16:01 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2007-01-15 16:01 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2007-01-15 16:01 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2007-01-15 16:01 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2007-01-15 16:01 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2007-01-15 16:01 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2007-01-15 16:01 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2007-01-15 16:01 15,360 --a------ C:\WINDOWS\system32\tscon.exe
    2007-01-15 16:01 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2007-01-15 16:01 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2007-01-15 16:01 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2007-01-15 16:01 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2007-01-15 16:01 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2007-01-15 16:01 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2007-01-15 16:01 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2007-01-15 16:01 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2007-01-15 16:01 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2007-01-15 16:01 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2007-01-15 16:01 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2007-01-15 16:01 <KANSIO> d--h----- C:\Program Files\WindowsUpdate
    2007-01-15 16:01 <KANSIO> d-------- C:\Program Files\Online Services
    2007-01-15 16:01 <KANSIO> d-------- C:\Program Files\MSN Gaming Zone
    2007-01-15 16:01 <KANSIO> d-------- C:\Program Files\Messenger
    2007-01-15 16:00 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2007-01-15 16:00 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2007-01-15 16:00 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2007-01-15 16:00 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2007-01-15 16:00 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2007-01-15 16:00 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2007-01-15 16:00 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2007-01-15 16:00 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2007-01-15 16:00 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2007-01-15 16:00 404,992 --a------ C:\WINDOWS\system32\mstsc.exe
    2007-01-15 16:00 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2007-01-15 16:00 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2007-01-15 16:00 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
    2007-01-15 16:00 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2007-01-15 16:00 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2007-01-15 16:00 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2007-01-15 16:00 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2007-01-15 16:00 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2007-01-15 16:00 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2007-01-15 16:00 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2007-01-15 16:00 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-01-15 16:00 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2007-01-15 16:00 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2007-01-15 16:00 102,400 --a------ C:\WINDOWS\system32\clipbrd.exe
    2007-01-15 16:00 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-01-15 16:00 <KANSIO> d-------- C:\WINDOWS\system32\MsDtc
    2007-01-15 16:00 <KANSIO> d-------- C:\WINDOWS\system32\Com
    2007-01-15 16:00 <KANSIO> d-------- C:\Program Files\Windows NT
    2007-01-15 15:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-01-15 15:56 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2007-01-15 15:56 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-01-15 15:56 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
    2007-01-15 15:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2007-01-15 15:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2007-01-15 15:55 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2007-01-15 15:55 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2007-01-15 15:55 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2007-01-15 15:55 <KANSIO> d-a------ C:\Program Files
    2007-01-15 15:55 <KANSIO> d-------- C:\Program Files\Common Files\SpeechEngines
    2007-01-15 15:55 <KANSIO> d-------- C:\Program Files\Common Files\ODBC
    2007-01-15 15:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2007-01-15 15:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2007-01-15 15:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2007-01-15 15:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2007-01-15 15:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2007-01-15 15:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2007-01-15 15:54 74,240 --a------ C:\WINDOWS\system32\storprop.dll
    2007-01-15 15:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2007-01-15 15:54 69,856 --a------ C:\WINDOWS\system\AVICAP.DLL
    2007-01-15 15:54 69,632 --a------ C:\WINDOWS\notepad.exe
    2007-01-15 15:54 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2007-01-15 15:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2007-01-15 15:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2007-01-15 15:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2007-01-15 15:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2007-01-15 15:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2007-01-15 15:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2007-01-15 15:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2007-01-15 15:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2007-01-15 15:54 33,120 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2007-01-15 15:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-01-15 15:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2007-01-15 15:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2007-01-15 15:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2007-01-15 15:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2007-01-15 15:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-01-15 15:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2007-01-15 15:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2007-01-15 15:54 109,504 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2007-01-15 15:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2007-01-15 15:54 <KANSIO> dr------- C:\DOCUME~1\DEFAUL~1\Käynnistä-valikko
    2007-01-15 15:54 <KANSIO> dr------- C:\DOCUME~1\ALLUSE~1\Tiedostot
    2007-01-15 15:54 <KANSIO> dr------- C:\DOCUME~1\ALLUSE~1\Käynnistä-valikko
    2007-01-15 15:54 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Verkkoympäristö
    2007-01-15 15:54 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Tulostinympäristö
    2007-01-15 15:54 <KANSIO> d--h----- C:\DOCUME~1\DEFAUL~1\Mallit
    2007-01-15 15:54 <KANSIO> d--h----- C:\DOCUME~1\ALLUSE~1\Mallit
    2007-01-15 15:54 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2007-01-15 15:54 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
    2007-01-15 15:54 <KANSIO> d-------- C:\Documents and Settings
    2007-01-15 15:54 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Työpöytä
    2007-01-15 15:54 <KANSIO> d-------- C:\DOCUME~1\DEFAUL~1\Suosikit
    2007-01-15 15:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Työpöytä
    2007-01-15 15:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Suosikit


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-17 14:37 -------- d---s---- C:\DOCUME~1\TONJAM~1\Application Data\microsoft
    2007-01-15 19:04 -------- d-------- C:\DOCUME~1\TONJAM~1\Application Data\macromedia
    2007-01-15 16:17 -------- d-------- C:\DOCUME~1\TONJAM~1\Application Data\identities
    2007-01-15 15:54 62 --ahs---- C:\DOCUME~1\TONJAM~1\Application Data\desktop.ini
    2006-11-15 11:05 8254464 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-11-15 10:39 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-11-15 10:39 229376 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-11-15 10:37 6656 --a------ C:\WINDOWS\system32\asferror.dll
    2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 11:52 39936 --------- C:\WINDOWS\system32\wpdshextres.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MS System Call Function"="MSSCF32.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "MS System Call Function"="MSSCF32.exe"
    "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "Local Security Authority Service"="C:\\WINDOWS\\System32\\lssas.exe"
    "Windows Logon Application"="C:\\WINDOWS\\System32\\logon.exe"
    "F-Secure Manager"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
    "HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "MS System Call Function"="MSSCF32.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AC16C3BC-AEBE-4B17-B0AD-D2B7F76DFAB8}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MS System Call Function"="MSSCF32.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "MS System Call Function"="MSSCF32.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168878354.job
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 07-01-24 21:54:09
     
  8. pimatsu78

    pimatsu78 Guest

    Or did you perhaps mean something like this by the eScan results:

    File C:\VundoFix Backups\bfdtqqcq.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
    File C:\VundoFix Backups\ddccy.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
    File C:\VundoFix Backups\nqnvacye.exe.bad tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\VundoFix Backups\urqnkhi.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.bq. No Action Taken.
     
  9. hilu

    hilu Member

    Joined:
    Jun 7, 2006
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    16
    That's exactly what I meant :)

    Let's continue:

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode and select your normal user account:
    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * Next, a menu should appear
    * Select Safe Mode from the menu.

    * Once in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appears on the desktop. The file unpacks and installs itself onto the drive where the operating system is installed, and a folder named SDFix appears in the root, e.g. C:\SDFix
    * Open the SDFix folder and double-click the file RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than usual because SDFix is cleaning the computer.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    * Then press any key to close the script and load the desktop icons

    ---------------------------------------------------------------------


    Updating Java and clearing the cache


    1. Click Start > Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following image next to them:
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link.
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6

    Click Download

    Tick Accept, choose the offline installation, save it to the desktop, for example, and install it

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)

    8. Make sure both options are ticked:

    Applications and Applets

    Trace and Log Files

    Ok

    9. Click OK in the "Temporary Files Settings" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    10. Click OK to leave the Java settings window.

    -----------------------------------------------------------------

    * Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread, together with a new HijackThis log.
    ------------------------------------------------------------------
    Your computer had backdoors on it, so:
    change all your passwords, and if you have used a bank or credit card from this computer, contact your bank
     
  10. pimatsu78

    pimatsu78 Guest

    SDFix: Version 1.62

    to 25.01.2007 - 20:01:21,17

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Files Found..




    Alternate Streams Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\MSSCF32.exe"="C:\\WINDOWS\\System32\\MSSCF32.exe:*:Enabled:MS System Call Function"
    "C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\program\\fspex.exe"="C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\program\\fspex.exe:*:enabled:Elisa Tietoturvapalvelu"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Omat lataukset\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\Omat lataukset\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\program\\fspex.exe"="C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\program\\fspex.exe:*:enabled:Elisa Tietoturvapalvelu"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\NTDETECT.COM
    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\IO.SYS
    C:\MSDOS.SYS
    C:\pagefile.sys
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

    Finished

    _________________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 20:21:33, on 25.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Omat lataukset\Viruskansio\HiJackThis\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168884208781
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168891235453
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
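Added example, not part of the original post: a small Python triage pass over HijackThis entries like the ones above, surfacing the markers a log reviewer usually checks first (`(file missing)`, `= ?`, `Unknown owner`, a control fetched over plain `http://`). The function names and note wording are assumptions made for illustration; a note means "look at this entry", not that the entry is malicious.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168884208781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse(log):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_notes(section, body):
    """Return the review notes (hypothetical wording) that apply to one entry."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("file missing")  # the entry points at a file that is gone
    if section == "O4" and body.endswith("= ?"):
        notes.append("unresolved shortcut target")
    if section == "O23" and " - Unknown owner - " in body:
        notes.append("unknown owner")  # no company name found for the service
    if section == "O16" and " - http://" in body:
        notes.append("control fetched over plain http")
    return notes


def triage(log):
    """Keep only the entries that carry at least one review note."""
    return [(s, b, n) for s, b in parse(log) if (n := review_notes(s, b))]


if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(f"{section}: {', '.join(notes)} :: {body}")
```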
     
  11. hilu

    hilu Member

    There we go, it came out clean :)

    Are there still any problems?

    Let's also clean out System Restore:

    1. Right-click the My Computer (Oma tietokone) icon in the Start menu
    2. Select Properties (Ominaisuudet)
    3. Select the System Restore (Järjestelmän palauttaminen) tab
    4. Select "Turn off System Restore" (Poista järjestelmän palauttaminen) on all drives
    5. Press Apply (Käytä)
    6. Press OK
    7. Restart the computer
    8. Restore the settings back

    And finally, instructions for staying clean:

    -> Use CCleaner -> http://www.ccleaner.com
    Download and install CCleaner. Clean temporary files and folders with the program regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Does not use up memory!
    Guide available in Finnish! By user Ad-Aware: http://koti.mbnet.fi/pattaya1/spywareblaster.htm

    -> Install the MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
    Blocks your computer's connections to malicious sites.
    Guide available in Finnish! User Axel's guide: http://aaxxeell.googlepages.com/surffaileturvallisestinetissä!hosts-tiedosto!

    -> Switch your browser to Firefox -> http://www.mozilla.org
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> http://windowsupdate.microsoft.com
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
     
  12. pimatsu78

    pimatsu78 Guest

    Well, thank you so very much for the help. Not a single ad has appeared any more, and the computer seems to run a bit more smoothly too.

    One more thing came up: CCleaner did start when I had just downloaded it, but when I tried again later it reports run-time error '0', and when I press OK a window appears saying that CCleaner has encountered an error and will be closed...

    I wonder if some error happened during the download, but I have already tried downloading it twice.

    Now I'm trying to get used to Firefox... at first it feels quite awkward, but you get used to anything ;) Anyway, thank you so very much, and let's hope I won't need to bother you again!
     
