AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
perjantai 5.9.2008 / 18:19
Haku:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > virus koneella???
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
virus koneella???
  Siirry:
 
Kirjoittaja Viesti
autsvaara
Newbie
_ 		18. kesäkuuta 2008 @ 02:24 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
ei anna päivittää windowsia??? mikä vikana???
Tässä tiedot.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:08, on 18.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\RevConnect\DCPlusPlus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8879 bytes
[ + lainaa]
yaht
Senior Member

4 tuotearviota
_ 		18. kesäkuuta 2008 @ 11:19 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Jep jep virushan se siellä.

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Lainaus:
File::
C:\WINDOWS\svdhost.exe



Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)





Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe


Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*
[ + lainaa]
hijackthis -ohje
autsvaara
Newbie
_ 		23. kesäkuuta 2008 @ 20:22 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
tässähän tämä lista taas...miltäs näyttää....?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:06, on 23.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7697 bytes
[ + lainaa]
yaht
Senior Member

4 tuotearviota
_ 		23. kesäkuuta 2008 @ 21:01 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Combofix.exe raporttia kaipailisin.

löytyy C:/ nimellä ComboFix.txt
[ + lainaa]
hijackthis -ohje
autsvaara
Newbie
_ 		24. kesäkuuta 2008 @ 00:03 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
joo ok sorry tässä tää uudestaa......ComboFix 08-06-20.4 - kubla 2008-06-23 23:54:20.2 - NTFSx86
Running from: C:\Documents and Settings\kubla\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-23 to 2008-06-23 )))))))))))))))))
.

2008-06-19 15:35 . 2008-06-19 16:43 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\U3
2008-06-18 01:51 . 2008-06-18 01:51 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-18 00:34 . 2008-06-18 00:34 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Malwarebytes
2008-06-18 00:34 . 2008-06-18 00:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 00:34 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 00:34 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 00:33 . 2008-06-18 00:34 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 23:01 . 2008-06-17 23:01 <KANSIO> d-------- C:\Program Files\ZoneAlarmSB
2008-06-17 23:00 . 2008-06-18 00:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-17 22:59 . 2008-06-17 22:59 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-06-17 22:59 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-17 22:59 . 2008-06-18 00:01 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 22:58 . 2008-06-18 00:43 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-06-16 20:55 . 2008-06-16 20:55 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Ludia
2008-06-16 20:55 . 2008-06-16 20:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-16 20:54 . 2008-06-16 20:54 <KANSIO> d-------- C:\WINDOWS\Hell's Kitchen
2008-06-16 20:54 . 2008-06-16 20:54 <KANSIO> d-------- C:\Program Files\Hell's Kitchen
2008-06-16 20:54 . 2008-06-18 02:26 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 00:37 . 2008-06-15 00:37 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 00:36 . 2008-06-15 00:36 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 00:33 . 2008-06-22 23:16 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 00:05 . 2008-06-15 00:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-14 23:55 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\setb0.tmp
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\system32\bits
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-06-14 23:29 . 2006-11-15 11:00 1,671,680 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-06-14 23:28 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-13 17:23 . 2008-06-13 17:23 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-06-13 17:17 . 2008-06-13 17:18 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\TOSHIBA
2008-06-13 17:12 . 2006-11-30 19:55 113,792 --a------ C:\WINDOWS\system32\drivers\tosrfbd.sys
2008-06-13 17:12 . 2006-10-05 16:07 73,600 --a------ C:\WINDOWS\system32\drivers\Tosrfhid.sys
2008-06-13 17:12 . 2006-11-22 16:09 53,504 --a------ C:\WINDOWS\system32\drivers\TosRfSnd.sys
2008-06-13 17:12 . 2006-10-28 00:29 40,960 --a------ C:\WINDOWS\system32\drivers\tosrfusb.sys
2008-06-13 17:12 . 2006-11-20 17:55 36,480 --a------ C:\WINDOWS\system32\drivers\tosrfbnp.sys
2008-06-13 17:12 . 2005-01-06 13:42 18,612 --a------ C:\WINDOWS\system32\drivers\tosrfnds.sys
2008-06-13 17:11 . 2008-06-13 17:11 <KANSIO> d-------- C:\Program Files\Toshiba
2008-06-13 17:11 . 2005-08-01 16:45 64,896 --a------ C:\WINDOWS\system32\drivers\tosrfcom.sys
2008-06-13 17:11 . 2006-10-10 19:33 41,600 --a------ C:\WINDOWS\system32\drivers\tosporte.sys
2008-06-13 17:08 . 2008-04-14 19:12 152,064 --a------ C:\WINDOWS\system32\irftp.exe
2008-06-13 17:08 . 2008-04-14 19:11 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-06-13 17:08 . 2008-04-14 19:11 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-06-12 00:03 . 2008-06-12 00:03 <KANSIO> d-------- C:\Program Files\SATVOD
2008-06-12 00:03 . 2008-06-12 00:03 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\MoviesApp
2008-06-11 21:57 . 2008-06-11 22:00 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\Winamp
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Verkkoympäristö
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Työpöytä
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Tulostinympäristö
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Suosikit
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Omat tiedostot
2008-06-11 21:56 . 2008-01-24 21:39 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Mallit
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Käynnistä-valikko
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\PC Suite
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\ATI
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot
2008-06-11 21:52 . 2008-06-11 21:52 <KANSIO> dr------- C:\Documents and Settings\Vieras\Omat tiedostot
2008-06-11 21:52 . 2008-06-11 21:52 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\ATI
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d-------- C:\Documents and Settings\Vieras\Työpöytä
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-06-11 21:51 . 2008-06-11 21:52 <KANSIO> dr------- C:\Documents and Settings\Vieras\Suosikit
2008-06-11 21:51 . 2008-01-24 21:39 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Mallit
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-06-11 21:51 . 2008-06-11 21:51 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-06-11 21:51 . 2008-06-11 21:52 <KANSIO> d-------- C:\Documents and Settings\Vieras
2008-06-11 13:03 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:03 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-28 15:28 . 2008-05-28 15:28 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-27 15:56 . 2008-05-27 15:59 <KANSIO> d-------- C:\Program Files\PANZERS - Phase1
2008-05-27 11:22 . 2008-05-27 11:22 4,096 --a------ C:\WINDOWS\system32\crash
2008-05-27 11:11 . 2008-05-27 11:11 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\ATI
2008-05-27 11:11 . 2008-05-27 11:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-27 10:56 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-27 10:46 . 2008-04-14 19:11 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2008-05-27 10:45 . 2008-04-14 19:12 23,040 --a------ C:\WINDOWS\system32\ativmvxx.ax
2008-05-27 10:45 . 2008-05-27 10:45 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-27 10:20 . 2008-05-27 10:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-27 09:28 . 2008-05-27 09:56 <KANSIO> d-------- C:\Program Files\Empire Interactive
2008-05-27 08:53 . 2008-05-27 08:53 <KANSIO> d-------- C:\Program Files\Yamicsoft
2008-05-27 00:07 . 2008-05-27 00:10 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-27 00:07 . 2008-05-27 00:07 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-27 00:06 . 2008-05-27 00:06 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2008-05-27 00:06 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-27 00:05 . 2008-05-27 00:05 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2008-05-26 12:02 . 2008-05-26 12:02 <KANSIO> d-------- C:\Documents and Settings\kubla\usernotes
2008-05-25 11:44 . 2008-05-25 11:44 <KANSIO> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 20:54 --------- d-----w C:\Documents and Settings\kubla\Application Data\uTorrent
2008-06-23 10:08 --------- d-----w C:\Program Files\RevConnect
2008-06-22 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 18:41 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-06-16 08:25 --------- d-----w C:\Program Files\Ubisoft
2008-06-16 08:22 --------- d-----w C:\Program Files\PowerArchiver
2008-06-13 17:11 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-05-30 19:30 --------- d-----w C:\Program Files\SweetIM
2008-05-27 08:09 --------- d-----w C:\Program Files\ATI Technologies
2008-05-22 18:44 --------- d-----w C:\Documents and Settings\kubla\Application Data\PC Suite
2008-05-20 07:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 07:13 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 18:43 --------- d-----w C:\Program Files\Winamp
2008-05-13 18:43 --------- d-----w C:\Documents and Settings\kubla\Application Data\Winamp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ------w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-05-11 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-05-09 18:03 --------- d-----w C:\Program Files\Any Video Converter
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 08:44 --------- d-----w C:\Program Files\ProPilkki2
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 12:23 --------- d-----w C:\Program Files\IObit
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 12:35 --------- d-----w C:\Documents and Settings\kubla\Application Data\fretsonfire
2008-04-27 12:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-24 12:46 --------- d-----w C:\Documents and Settings\kubla\Application Data\Nokia Multimedia Player
2008-04-24 12:40 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-24 12:40 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-24 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:09 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:46 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 06:12 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 440,832 ------w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-31 12:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-01-28 20:46 22,328 ----a-w C:\Documents and Settings\kubla\Application Data\PnkBstrK.sys
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_20.14.04.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 17:06:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 17:24:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 17:25:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 14:48:42 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 05:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=
"D:\\imutukset\\Pocket Tanks Deluxe 1.3\\pockettanks.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\imutukset\\worms\\Worms\\WA.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c382dc-3dfc-11dd-b7ef-00508de72078}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 23:58:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 0:00:18
ComboFix-quarantined-files.txt 2008-06-23 20:59:45
ComboFix2.txt 2008-06-23 17:14:41

Pre-Run: 17,409,376,256 tavua vapaana
Post-Run: 17,393,582,080 tavua vapaana

286 --- E O F --- 2008-06-16 00:00:57
[ + lainaa]
yaht
Senior Member

4 tuotearviota
_ 		24. kesäkuuta 2008 @ 01:06 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

[ + lainaa]
hijackthis -ohje
autsvaara
Newbie
_ 		24. kesäkuuta 2008 @ 10:18 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
alwarebytes' Anti-Malware 1.18
Tietokantaversio: 884

10:16:31 24.6.2008
mbam-log-6-24-2008 (10-16-31).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 148091
Kulunut aika: 49 minute(s), 6 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\System Volume Information\_restore{7612DB6C-C3E7-40A7-B88E-B877FDED9BAE}\RP263\A0050119.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:39, on 24.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7400 bytes
[ + lainaa]
yaht
Senior Member

4 tuotearviota
_ 		24. kesäkuuta 2008 @ 12:50 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lataa CCleaner tästä

- Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
- Asennuksen jälkeen aukaise CCleaner.
- Valitse vasemmalta pystyrivistä Options.
- Valitse viereisestä pystyrivistä Settings.
- Language kohtaan valitse Suomi.

- Käynnistä CCleaner.
- Valitse Valinnat.
- Paina Lisäasetukset.
- Ota ruksi pois kohdasta "Poista vain yli 48 tuntia vanhat tiedostot Windowsin tilapäiskansioista".

Puhdistaja

- Valitse vasemmalta pystyrivistä Puhdistaja.
- Paina alhaalta Tutki.
Nyt CCleaner tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
- Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaner poistaa löydetyt tempit, cookiessit jne.

Rekisterin virheiden korjaus

- Valitse vasemmalta pystyrivistä Rekisteri.
- Paina alhaalta Etsi rekisterin virheitä.
- Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
- Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
- Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
- Saat vielä varmistus kysymyksen, paina Ok.
- Kun virheet on korjattu, paina Sulje.

Nyt voit suljea CCleanerin painamalla oikealta ylhäältä punaista rastia.

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:


3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.
[ + lainaa]
hijackthis -ohje
autsvaara
Newbie
_ 		27. kesäkuuta 2008 @ 23:39 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
onko täs vielä jotain vikaa???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:08, on 27.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8122 bytes
[ + lainaa]
Mainos
_ 		__
 
_
autsvaara
Newbie
_ 		27. kesäkuuta 2008 @ 23:50 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
tässä olis tää vielä....



Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.611 [GMT 3:00]
Running from: C:\Documents and Settings\kubla\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-27 to 2008-06-27 )))))))))))))))))
.

2008-06-25 15:45 . 2008-06-25 15:45 <KANSIO> d-------- C:\Program Files\Sierra
2008-06-25 12:35 . 2008-06-25 12:35 <KANSIO> d-------- C:\Program Files\Eidos Interactive
2008-06-25 11:56 . 2008-06-25 11:56 122 --a------ C:\WINDOWS\WA.INI
2008-06-25 11:51 . 2008-06-25 11:51 <KANSIO> d-------- C:\Documents and Settings\kubla\WINDOWS
2008-06-25 11:37 . 2008-06-25 11:37 1,594,542 --a------ C:\WINDOWS\WANEUninstaller.exe
2008-06-25 11:32 . 2008-06-25 13:29 <KANSIO> d-------- C:\Games
2008-06-24 18:37 . 2008-06-24 18:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-24 18:37 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-24 18:23 . 2008-06-24 18:23 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-06-24 18:23 . 2008-06-24 18:23 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-19 15:35 . 2008-06-19 16:43 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\U3
2008-06-18 01:51 . 2008-06-18 01:51 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-18 00:34 . 2008-06-18 00:34 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Malwarebytes
2008-06-18 00:34 . 2008-06-18 00:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 00:34 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 00:34 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 00:33 . 2008-06-24 09:26 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 23:01 . 2008-06-17 23:01 <KANSIO> d-------- C:\Program Files\ZoneAlarmSB
2008-06-17 23:00 . 2008-06-18 00:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-17 22:59 . 2008-06-17 22:59 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-06-17 22:59 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-17 22:59 . 2008-06-18 00:01 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-17 22:58 . 2008-06-18 00:43 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-06-16 20:55 . 2008-06-16 20:55 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Ludia
2008-06-16 20:55 . 2008-06-16 20:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-16 20:54 . 2008-06-16 20:54 <KANSIO> d-------- C:\WINDOWS\Hell's Kitchen
2008-06-16 20:54 . 2008-06-16 20:54 <KANSIO> d-------- C:\Program Files\Hell's Kitchen
2008-06-16 20:54 . 2008-06-18 02:26 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 00:37 . 2008-06-15 00:37 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-06-15 00:36 . 2008-06-15 00:36 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 00:33 . 2008-06-22 23:16 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 00:05 . 2008-06-15 00:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-14 23:55 . 2008-04-14 19:11 221,184 --a------ C:\WINDOWS\system32\setb0.tmp
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\system32\bits
2008-06-14 23:46 . 2008-06-14 23:46 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-06-14 23:29 . 2006-11-15 11:00 1,671,680 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-06-14 23:28 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-13 17:23 . 2008-06-13 17:23 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-06-13 17:17 . 2008-06-13 17:18 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\TOSHIBA
2008-06-13 17:12 . 2006-11-30 19:55 113,792 --a------ C:\WINDOWS\system32\drivers\tosrfbd.sys
2008-06-13 17:12 . 2006-10-05 16:07 73,600 --a------ C:\WINDOWS\system32\drivers\Tosrfhid.sys
2008-06-13 17:12 . 2006-11-22 16:09 53,504 --a------ C:\WINDOWS\system32\drivers\TosRfSnd.sys
2008-06-13 17:12 . 2006-10-28 00:29 40,960 --a------ C:\WINDOWS\system32\drivers\tosrfusb.sys
2008-06-13 17:12 . 2006-11-20 17:55 36,480 --a------ C:\WINDOWS\system32\drivers\tosrfbnp.sys
2008-06-13 17:12 . 2005-01-06 13:42 18,612 --a------ C:\WINDOWS\system32\drivers\tosrfnds.sys
2008-06-13 17:11 . 2008-06-13 17:11 <KANSIO> d-------- C:\Program Files\Toshiba
2008-06-13 17:11 . 2005-08-01 16:45 64,896 --a------ C:\WINDOWS\system32\drivers\tosrfcom.sys
2008-06-13 17:11 . 2006-10-10 19:33 41,600 --a------ C:\WINDOWS\system32\drivers\tosporte.sys
2008-06-13 17:08 . 2008-04-14 19:12 152,064 --a------ C:\WINDOWS\system32\irftp.exe
2008-06-13 17:08 . 2008-04-14 19:11 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-06-13 17:08 . 2008-04-14 19:11 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-06-11 21:57 . 2008-06-11 22:00 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\Winamp
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Verkkoympäristö
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Työpöytä
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Tulostinympäristö
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Suosikit
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Omat tiedostot
2008-06-11 21:56 . 2008-01-24 21:39 <KANSIO> d--h----- C:\Documents and Settings\muut urpot\Mallit
2008-06-11 21:56 . 2008-01-24 21:30 <KANSIO> dr------- C:\Documents and Settings\muut urpot\Käynnistä-valikko
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\PC Suite
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot\Application Data\ATI
2008-06-11 21:56 . 2008-06-11 21:56 <KANSIO> d-------- C:\Documents and Settings\muut urpot
2008-06-11 21:52 . 2008-06-11 21:52 <KANSIO> dr------- C:\Documents and Settings\Vieras\Omat tiedostot
2008-06-11 21:52 . 2008-06-11 21:52 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\ATI
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d-------- C:\Documents and Settings\Vieras\Työpöytä
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-06-11 21:51 . 2008-06-11 21:52 <KANSIO> dr------- C:\Documents and Settings\Vieras\Suosikit
2008-06-11 21:51 . 2008-01-24 21:39 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Mallit
2008-06-11 21:51 . 2008-01-24 21:30 <KANSIO> dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-06-11 21:51 . 2008-06-11 21:51 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-06-11 21:51 . 2008-06-11 21:52 <KANSIO> d-------- C:\Documents and Settings\Vieras
2008-06-11 13:03 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:03 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-28 15:28 . 2008-05-28 15:28 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-27 15:56 . 2008-05-27 15:59 <KANSIO> d-------- C:\Program Files\PANZERS - Phase1
2008-05-27 11:22 . 2008-05-27 11:22 4,096 --a------ C:\WINDOWS\system32\crash
2008-05-27 11:11 . 2008-05-27 11:11 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\ATI
2008-05-27 11:11 . 2008-05-27 11:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-27 10:56 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-27 10:46 . 2008-04-14 19:11 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2008-05-27 10:45 . 2008-04-14 19:12 23,040 --a------ C:\WINDOWS\system32\ativmvxx.ax
2008-05-27 10:45 . 2008-05-27 10:45 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-27 10:20 . 2008-05-27 10:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-27 08:53 . 2008-05-27 08:53 <KANSIO> d-------- C:\Program Files\Yamicsoft
2008-05-27 00:07 . 2008-05-27 00:10 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-27 00:07 . 2008-05-27 00:07 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-27 00:06 . 2008-05-27 00:06 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2008-05-27 00:06 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-27 00:05 . 2008-05-27 00:05 <KANSIO> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:27 --------- d-----w C:\Documents and Settings\kubla\Application Data\uTorrent
2008-06-25 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 12:45 --------- d-----w C:\Program Files\RevConnect
2008-06-25 12:38 --------- d-----w C:\Program Files\PowerArchiver
2008-06-24 15:37 --------- d-----w C:\Program Files\Java
2008-06-22 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 18:41 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-06-16 08:25 --------- d-----w C:\Program Files\Ubisoft
2008-06-13 17:11 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-05-30 19:30 --------- d-----w C:\Program Files\SweetIM
2008-05-27 08:09 --------- d-----w C:\Program Files\ATI Technologies
2008-05-25 08:44 --------- d-----w C:\Program Files\Google
2008-05-22 18:44 --------- d-----w C:\Documents and Settings\kubla\Application Data\PC Suite
2008-05-20 07:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 07:13 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 18:43 --------- d-----w C:\Program Files\Winamp
2008-05-13 18:43 --------- d-----w C:\Documents and Settings\kubla\Application Data\Winamp
2008-05-12 16:30 3