nyt apua! tässä hijackthis logi

Hujo · 29.05.2007

Tuossahan tuo näkyy kun finni ottassa.

O4 - HKLM\..\Run: [ipmon] ipmon.exe

=====================

tees nyt tämä siellä

Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

AfterDawn

AIMKilla · 29.05.2007

no olin tohon edelliseen viestiin kyllä laittanut siihen loppuun että "EDIT: poistin ton ipmon.exe" että ei se finni näy enää.

täs kuitenkin smitfaund loki ja Hijackthis loki

redsmitfaund

SmitFraudFix v2.188

Scan done at 19:50:09,70, ti 29.05.2007
Run from C:\Documents and Settings\Jani\Ty”p”yt„\Uusi kansio (2)\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Steam\Steam.exe
D:\mIRC\mirc.exe
D:\MOZILLA\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jani

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jani\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jani\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt

xpdt detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: A-Link RoadRunner 32 USB ADSL - Paketinajoituksen miniportti
DNS Server Search Order: 62.148.192.130
DNS Server Search Order: 62.148.192.154

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 19:54:29, on 29.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Steam\Steam.exe
D:\mIRC\mirc.exe
D:\MOZILLA\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jani\Työpöytä\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Bitcomet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Bitcomet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174641095828
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hujo · 29.05.2007

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

AIMKilla · 29.05.2007

SmitFraudFix v2.188

Scan done at 23:13:13,54, ti 29.05.2007
Run from C:\Documents and Settings\Jani\Ty”p”yt„\Uusi kansio (2)\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jani

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jani\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jani\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt

xpdt detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F81C30C-10B9-4D15-B04D-AD4727C1958F}: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.148.192.130 62.148.192.154

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

eiköhän rupeen oleen tässä ?
mihinkähän bittien maailmaan noi ohjelmat nyt menee kun poistelen niitä, aina niistä jää jotakin rompetta.

Hujo · 29.05.2007

uudestaan smitfraudfix vikasiedossa ei mennyt oikeen

paina numero 2 ja enter

==============

sitten aja tuo RustBFix by ejvindh uudelleen ohjeet löytyy ylhäältä tässä ketjussa

Auttaja · 29.05.2007

Laita uusi hijackthislogi

AIMKilla · 30.05.2007

SmitFraudFix v2.188

Scan done at 12:39:22,51, ke 30.05.2007
Run from C:\Documents and Settings\Jani\Ty”p”yt„\Uusi kansio (2)\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

=======================================================================

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
ke 30.05.2007 12:50:44,31

******************* Pre-run Status of system *******************

Rootkit driver xpdt is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
No streams found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************************* End of Logfile ********************************

=====================================================================

Logfile of HijackThis v1.99.1
Scan saved at 12:59:15, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\MOZILLA\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jani\Työpöytä\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Bitcomet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Bitcomet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174641095828
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hujo · 30.05.2007

Lataa GMER http://www.gmer.net/gmer.zip ja tallenna se työpöydällesi:

• Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
• Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
• Älä rastita "Show All" boksia skannauksen aikana!
• Kun skannaus on valmis, klikkaa Copy.
• Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
• Liitä loki sitten viestiketjuusi.

=====================

Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"

o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter

HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

==========================

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

AIMKilla · 30.05.2007

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:13:19 30.5.2007

+ Scan result:

C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP130\A0009495.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP131\A0009717.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP134\A0010079.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024911.exe -> Adware.SaveNow : Cleaned.
D:\VLC\SetupInstRe.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024609.exe -> Dialer.GBDialer.i : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024615.exe -> Dialer.GBDialer.i : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024909.exe -> Downloader.Agent.aii : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024607.exe -> Downloader.Small.cwj : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024617.exe -> Downloader.Small.cwj : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024907.exe -> Hijacker.Agent.is : Cleaned.
C:\Documents and Settings\Jani\Cookies\jani@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jani\Cookies\jani@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Jani\Cookies\jani@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jani\Cookies\jani@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024598.dll -> Trojan.Agent.qt : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP175\A0024832.dll -> Trojan.Agent.qt : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0021307.exe -> Trojan.Obfuscated.en : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0022443.exe -> Trojan.Obfuscated.en : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024908.exe -> Trojan.Obfuscated.en : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024913.exe -> Trojan.Obfuscated.en : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024929.exe -> Trojan.Pakes.edg : Cleaned.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0021422.exe -> Trojan.Rond : Cleaned.

tosta gmer en saanut kopiota, sanoo että menee johonkin clipboardiin, mutta en ole löytänyt mistää reporttii, mulla on muuten välis on zonealarm kaas ongelmia, ei meinaa mennä nettii kun se on päällä, en sit tiiä mikkä asetukset auttaa..muutenkin siin on se vihree ja punanen näkyy koko ajan tuol alapalkis, niin se vihree on huipussaan mutta punanen ei..onkohan normaalia. tota noin täs on nyt hijack loki viel tosta avg skannauksen jälkeen..paljonkohan tässä on hommaa viel ? Lisäksi kone sammuu välis yhtäkkiä ja ilmoittaa palaavansa vakavasta virheestä .. *huoh* Lisäksi joihinkin pikakuvakkeisiin on tullut tummia kohtia, en tii' sit.

Logfile of HijackThis v1.99.1
Scan saved at 18:25:52, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\MOZILLA\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jani\Työpöytä\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Bitcomet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Bitcomet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174641095828
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Auttaja · 30.05.2007

ajappas tää uudestaan

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

========0

myös tää internet explorerila

Tarkista koneesi F-Securen online skannerilla

Huom, skanneri toimii vain Internet Explorer selaimella

* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti

o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna

* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi

AIMKilla · 30.05.2007

Scanning Report
Wednesday, May 30, 2007 21:07:02 - 22:03:05

Computer name: PER-7JTLEFD7PII
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 2 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System

Statistics
Scanned:

* Files: 30895
* System: 3876
* Not scanned: 2

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-05-30
* F-Secure AVP: 7.0.171, 2007-05-30
* F-Secure Orion: 1.2.37, 2007-05-30
* F-Secure Blacklight: 1.0.53
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-04-28

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

"Jani" - 2007-05-30 20:34:30 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Jani\Ty”p”yt„\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\WINDOWS\system32\xpdt.sys"

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))

2007-05-29 23:18 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2007-05-29 20:44 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-29 20:44 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-05-29 20:44 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
2007-05-29 20:44 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2007-05-29 20:44 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2007-05-29 20:44 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2007-05-29 20:44 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2007-05-29 20:44 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2007-05-29 20:44 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2007-05-29 20:44 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2007-05-29 20:44 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2007-05-29 20:44 40,960 --------- C:\WINDOWS\system32\langserv.dll
2007-05-29 20:44 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2007-05-29 20:44 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2007-05-29 20:44 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2007-05-29 20:44 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2007-05-29 20:44 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2007-05-29 20:44 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2007-05-29 20:44 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2007-05-29 20:44 18,432 --------- C:\WINDOWS\system32\Cachex.dll
2007-05-29 20:44 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2007-05-29 20:44 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2007-05-29 20:44 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2007-05-29 20:44 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2007-05-29 20:44 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2007-05-29 20:43 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-05-29 20:43 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-05-29 20:43 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2007-05-29 20:43 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-05-29 20:43 <KANSIO> d-------- C:\WINDOWS\system32\Quicktime
2007-05-29 20:43 <KANSIO> d-------- C:\Program Files\SmartSound Software
2007-05-29 20:43 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
2007-05-29 20:42 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-05-29 20:42 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-05-29 20:42 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-05-29 20:42 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-05-29 20:42 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-05-29 20:42 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-05-29 20:42 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-05-29 20:42 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-05-29 20:42 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-05-29 20:42 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-05-29 20:42 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-05-29 20:42 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-05-29 20:42 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-05-29 20:42 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-05-29 20:42 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-05-29 20:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-29 20:42 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-29 20:40 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-29 20:40 <KANSIO> d-------- C:\Program Files\Pinnacle
2007-05-29 20:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-05-29 19:50 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-29 19:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-29 19:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-29 18:18 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-29 18:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-29 18:18 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-29 18:18 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-29 18:17 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2007-05-29 18:16 96,374 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\firstlsp.reg.dat
2007-05-29 18:16 <KANSIO> d-------- C:\Program Files\AntiVir Workstation
2007-05-29 18:16 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir Workstation
2007-05-29 18:05 <KANSIO> d-------- C:\Documents and Settings\Jani\DoctorWeb
2007-05-29 18:05 <KANSIO> d-------- C:\DOCUME~1\Jani\DoctorWeb
2007-05-27 12:34 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-26 21:50 <KANSIO> d-------- C:\WINDOWS\pss
2007-05-26 18:51 1,438 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-26 14:24 <KANSIO> d-------- C:\Program Files\Plusthatrule
2007-05-26 14:24 <KANSIO> d-------- C:\DOCUME~1\Jani\APPLIC~1\Plusthatrule
2007-05-25 02:13 <KANSIO> d-------- C:\DOCUME~1\Jani\APPLIC~1\Publish Providers
2007-05-25 02:04 <KANSIO> d-------- C:\DOCUME~1\Jani\APPLIC~1\Sony
2007-05-25 02:03 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-05-25 02:03 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-25 02:03 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-05-25 02:03 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server
2007-05-25 02:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-05-25 02:02 <KANSIO> d-------- C:\Program Files\Vstplugins
2007-05-25 01:40 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-25 01:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-22 07:08 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-04 22:30 <KANSIO> d-------- C:\Program Files\CyberLink
2007-05-04 22:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-05-02 18:08 <KANSIO> d-------- C:\DOCUME~1\Jani\APPLIC~1\teamspeak2
2007-04-25 13:56 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2007-04-06 23:57 <KANSIO> d-------- C:\DOCUME~1\Jani\APPLIC~1\uTorrent
2007-04-06 23:20 <KANSIO> d-------- C:\Downloads

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 17:43:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 15:30:58 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\BSplayer
2007-05-27 10:16:42 -------- d-----w C:\Program Files\Vietcong
2007-05-26 11:21:01 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\LimeWire
2007-05-24 23:03:27 83,516 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-05-24 23:03:27 393,762 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-05-22 21:41:31 1,471 ----a-w C:\WINDOWS\mozver.dat
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-06 20:20:59 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-03-31 20:01:25 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\dvdcss
2007-03-31 17:46:48 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\MyPhoneExplorer
2007-03-30 10:03:27 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\Lavasoft
2007-03-29 16:08:27 -------- d-----w C:\DOCUME~1\Jani\APPLIC~1\Talkback
2007-03-25 12:53:40 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-03-24 21:43:45 335 ----a-w C:\WINDOWS\mozregistry.dat
2007-03-23 11:06:49 64,393,944 ----a-w C:\Program Files\93.71_forceware_winxp2k_international_whql.exe
2007-03-23 10:09:58 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-23 08:26:59 0 --sha-r C:\MSDOS.SYS
2007-03-23 08:26:59 0 --sha-r C:\IO.SYS
2007-03-23 08:26:59 0 ----a-w C:\CONFIG.SYS
2007-03-23 08:26:59 0 ----a-w C:\AUTOEXEC.BAT
2007-03-23 08:24:11 21,672 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Bitcomet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 17:31]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 15:56]
"SoundMan"="SOUNDMAN.EXE" []
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"CnxDslTaskBar"="C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe" [2002-07-24 14:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" []
"avgnt"="C:\Program Files\AntiVir Workstation\avgnt.exe" [2007-04-02 10:35]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12]
"Steam"="d:\steam\steam.exe" [2007-03-25 19:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 20:35:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-30 20:36:17
C:\ComboFix-quarantined-files.txt ... 2007-05-30 20:36

--- E O F ---

ZoneAlarm kaas ongelmia, ei meinaa mennä nettii kun se on päällä, en sit tiiä mikkä asetukset auttaa..muutenkin siin on se vihree ja punanen näkyy koko ajan tuol alapalkis, niin se vihree on huipussaan mutta punanen ei..onkohan normaalia. tota noin täs on nyt hijack loki viel tosta AVG skannauksen jälkeen..paljonkohan tässä on hommaa viel ? Lisäksi kone sammuu välis yhtäkkiä ja ilmoittaa palaavansa vakavasta virheestä .. *huoh* Lisäksi joihinkin pikakuvakkeisiin on tullut tummia kohtia, en tii' sit.ja tälläsii ihme virheitä on tullut työpöytään ja nettiin..ihan missä vaan on..kuvassa on sellasii outoja virhe viivoja.

Auttaja · 30.05.2007

Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:

Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille

==========

Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"

Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.

Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

==========
Lataa RootkitRevealer.zip
[*] Luo uusi kansio nimeltä RKR C asemallesi, C:\
[*] Pura koko RootkitRevealer.zip tiedoston sisältö C:\RKR kansioon.
[*] Avaa C:\RKR kansion ja tuplaklikkaa RootkitRevealer.exe tiedostoa
[*] Klikkaa Scan painiketta ja odota skannauksen päättymistä
[*] HUOM! Älä käytä konettasi skannauksen aikana.
[*] Kun skannaus on päättynyt, klikkaa File (ikkunan yläreunasta)
[*] Sitten klikkaa Save painiketta
[*] Tallenna sitten RootkitRevealer loki työpöydällesi
Lähetä RootkitRevealer:n loki viestiketjuusi.

=========

Lataa MWav eScan työpöydälle.

Tuplaklikkaa mwav.exeä, aukeaa lisenssisopimus, hyväksy se.
Merkitse seuraavat kohdat ennen scannausta.
[*]Muisti
[*]Käynnistyskansiot
[*]Asema - Kaikki paikalliset levyt
[*]Kansio - Paina selaa ja vaihda hakemistoksi C:\
[*]Rekisteri
[*]Järjestelmäkansiot
[*]Palvelut
[*]Vain skannaa
[*]Sisällä alikansiot
[*]Skannaa kaikki tiedostot
Varmistu että kaikki edellämainitut kohdat ovat varmasti merkattu, paina Vain Skannaa.

Huom. eScan voi näyttää siltä että se olisi valmis, mutta se ei välttämättä ole. Ohjelma ilmoittaa kun on valmis.

eScan listaa alempaan ikkunaan saastuneet tiedostot kun scannaus on valmis, kopio(CTRL+C) ja liitä(CTRL+V) kaikki mitä boksiin tulee seuraavaan viestiisi.

Eiköhän tän jälkeen selviä oletko puhdas pöpöistä.

AIMKilla · 31.05.2007

Thu May 31 17:26:24 2007 => Etsitään virusta Parite.b...
Thu May 31 17:26:24 2007 => Etsitään virusta Parite.a...
Thu May 31 17:26:24 2007 => Etsitään virusta Adware.SeekSeek...

Thu May 31 17:26:24 2007 => ***** Skannaus päättynyt. *****
Thu May 31 17:26:24 2007 => Skannattujen määrä: 115248
Thu May 31 17:26:24 2007 => Löydettyjen virusten määrä: 78
Thu May 31 17:26:24 2007 => Puhdistettujen määrä: 0
Thu May 31 17:26:24 2007 => Nimettyjen määrä: 0
Thu May 31 17:26:24 2007 => Poistettujen määrä: 0
Thu May 31 17:26:24 2007 => Virheiden määrä: 133
Thu May 31 17:26:24 2007 => Käytetty aika: 01:22:38
Thu May 31 17:26:24 2007 => Virustietokannan päivämäärä: 5/31/2007
Thu May 31 17:26:24 2007 => Virustietokannan lukumäärä: 334556

Thu May 31 17:26:24 2007 => Skannaus päättynyt.

................................................................

HKLM\.DEFAULT\Control Panel\International 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\.DEFAULT\Control Panel\International\Geo 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\S-1-5-21-746137067-261903793-725345543-1004\Control Panel\International 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\S-1-5-21-746137067-261903793-725345543-1004\Control Panel\International\Geo 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\S-1-5-21-746137067-261903793-725345543-1004\Software\Valve\Steam\LastSteamExecutionTime 31.5.2007 15:59 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-18\Control Panel\International 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\S-1-5-18\Control Panel\International\Geo 30.5.2007 20:36 0 bytes Security mismatch.
HKLM\SOFTWARE\Classes\cfexefile\DefaultIcon 27.5.2007 12:31 0 bytes Security mismatch.
HKLM\SOFTWARE\Classes\cfexefile\shell 27.5.2007 12:31 0 bytes Security mismatch.
HKLM\SOFTWARE\Classes\cfexefile\shellex 27.5.2007 12:31 0 bytes Security mismatch.
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 29.5.2007 20:40 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\AntiVir Workstation\INFECTED\468ec733.qua 31.5.2007 16:00 49.96 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\AntiVir Workstation\INFECTED\468ec73e.qua 31.5.2007 16:01 47.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\00184596.key 31.5.2007 16:01 1016 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\00184597.key 31.5.2007 16:01 1.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\0092CF7E.key 31.5.2007 16:01 3.17 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\about.bmp 31.5.2007 16:01 57.16 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\advdis.ppl 31.5.2007 16:01 51.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\antispy.ppl 31.5.2007 16:01 11.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\aphish.ppl 31.5.2007 16:01 39.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\aphisht.ppl 31.5.2007 16:01 12.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\appinfo.kli 31.5.2007 16:01 889 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Arj.ppl 31.5.2007 16:01 17.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ArjPack.ppl 31.5.2007 16:01 12.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avlib.ppl 31.5.2007 16:01 12.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avp.klb 31.5.2007 16:01 22.10 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avp.set 31.5.2007 16:01 3.04 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avp.vnd 31.5.2007 16:01 6.43 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Avp1.ppl 31.5.2007 16:01 128.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\AVP3Info.ppl 31.5.2007 16:01 16.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avp_ext.set 31.5.2007 16:01 3.04 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avpgs.ppl 31.5.2007 16:01 96.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\AvpMgr.ppl 31.5.2007 16:01 39.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avpmhook.dll 31.5.2007 16:01 116.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avs.ppl 31.5.2007 16:01 116.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\avspm.ppl 31.5.2007 16:01 19.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base001.avc 31.5.2007 16:01 48.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base001c.avc 31.5.2007 16:01 48.74 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base002.avc 31.5.2007 16:01 46.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base002c.avc 31.5.2007 16:01 48.78 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base003.avc 31.5.2007 16:01 46.66 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base003c.avc 31.5.2007 16:01 48.69 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base004.avc 31.5.2007 16:01 48.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base004c.avc 31.5.2007 16:01 48.99 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base005.avc 31.5.2007 16:01 48.45 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base005c.avc 31.5.2007 16:01 48.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base006.avc 31.5.2007 16:01 47.63 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base006c.avc 31.5.2007 16:01 49.18 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base007.avc 31.5.2007 16:01 47.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base007c.avc 31.5.2007 16:01 49.16 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base008.avc 31.5.2007 16:01 47.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base008c.avc 31.5.2007 16:01 48.92 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base009.avc 31.5.2007 16:01 47.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base009c.avc 31.5.2007 16:01 49.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base010.avc 31.5.2007 16:01 47.45 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base010c.avc 31.5.2007 16:01 48.63 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base011.avc 31.5.2007 16:01 47.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base011c.avc 31.5.2007 16:01 48.76 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base012.avc 31.5.2007 16:01 47.55 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base012c.avc 31.5.2007 16:01 49.11 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base013.avc 31.5.2007 16:01 47.61 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base013c.avc 31.5.2007 16:01 48.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base014.avc 31.5.2007 16:01 47.07 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base014c.avc 31.5.2007 16:01 48.97 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base015.avc 31.5.2007 16:01 47.08 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base015c.avc 31.5.2007 16:01 48.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base016.avc 31.5.2007 16:01 47.21 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base016c.avc 31.5.2007 16:01 48.87 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base017.avc 31.5.2007 16:01 47.38 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base017c.avc 31.5.2007 16:01 48.94 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base018.avc 31.5.2007 16:01 47.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base018c.avc 31.5.2007 16:01 48.93 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base019.avc 31.5.2007 16:01 47.97 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base019c.avc 31.5.2007 16:01 48.82 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base020.avc 31.5.2007 16:01 48.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base020c.avc 31.5.2007 16:01 48.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base021.avc 31.5.2007 16:01 47.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base022.avc 31.5.2007 16:01 48.19 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base023.avc 31.5.2007 16:01 48.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base024.avc 31.5.2007 16:01 48.47 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base025.avc 31.5.2007 16:01 48.20 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base026.avc 31.5.2007 16:01 48.36 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base027.avc 31.5.2007 16:01 49.32 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base028.avc 31.5.2007 16:01 49.79 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base029.avc 31.5.2007 16:01 48.14 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base030.avc 31.5.2007 16:01 49.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base031.avc 31.5.2007 16:01 48.29 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base032.avc 31.5.2007 16:01 48.46 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base033.avc 31.5.2007 16:01 48.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base034.avc 31.5.2007 16:01 49.08 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base035.avc 31.5.2007 16:01 45.79 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base036.avc 31.5.2007 16:01 8.09 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base037.avc 31.5.2007 16:01 48.09 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base038.avc 31.5.2007 16:01 46.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base039.avc 31.5.2007 16:01 48.73 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base040.avc 31.5.2007 16:01 48.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base041.avc 31.5.2007 16:01 48.62 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base042.avc 31.5.2007 16:01 48.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base043.avc 31.5.2007 16:01 48.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base044.avc 31.5.2007 16:01 48.52 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base045.avc 31.5.2007 16:01 48.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base046.avc 31.5.2007 16:01 48.25 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base047.avc 31.5.2007 16:01 48.74 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base048.avc 31.5.2007 16:01 48.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base049.avc 31.5.2007 16:01 48.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base050.avc 31.5.2007 16:01 48.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base051.avc 31.5.2007 16:01 49.57 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base052.avc 31.5.2007 16:01 48.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base053.avc 31.5.2007 16:01 48.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base054.avc 31.5.2007 16:01 48.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base055.avc 31.5.2007 16:01 48.24 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base056.avc 31.5.2007 16:01 48.58 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base057.avc 31.5.2007 16:01 48.07 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base058.avc 31.5.2007 16:01 48.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base059.avc 31.5.2007 16:01 48.01 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base060.avc 31.5.2007 16:01 48.33 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base061.avc 31.5.2007 16:01 48.59 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base062.avc 31.5.2007 16:01 48.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base063.avc 31.5.2007 16:01 48.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base064.avc 31.5.2007 16:01 48.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base065.avc 31.5.2007 16:01 48.87 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base066.avc 31.5.2007 16:01 48.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base067.avc 31.5.2007 16:01 48.45 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base068.avc 31.5.2007 16:01 48.51 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base069.avc 31.5.2007 16:01 48.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base070.avc 31.5.2007 16:01 48.72 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base071.avc 31.5.2007 16:01 48.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base072.avc 31.5.2007 16:01 48.76 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base073.avc 31.5.2007 16:01 48.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base074.avc 31.5.2007 16:01 48.73 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base075.avc 31.5.2007 16:01 48.80 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base076.avc 31.5.2007 16:01 48.13 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base077.avc 31.5.2007 16:01 48.30 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base078.avc 31.5.2007 16:01 49.01 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base079.avc 31.5.2007 16:01 48.35 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base080.avc 31.5.2007 16:01 47.77 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base081.avc 31.5.2007 16:01 49.32 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base082.avc 31.5.2007 16:01 48.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base083.avc 31.5.2007 16:01 48.58 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base084.avc 31.5.2007 16:01 48.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base085.avc 31.5.2007 16:01 47.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base086.avc 31.5.2007 16:01 48.09 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base087.avc 31.5.2007 16:01 48.30 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base088.avc 31.5.2007 16:01 47.92 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base089.avc 31.5.2007 16:01 48.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base090.avc 31.5.2007 16:01 47.19 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base091.avc 31.5.2007 16:01 47.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base092.avc 31.5.2007 16:01 40.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base093.avc 31.5.2007 16:01 47.83 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base094.avc 31.5.2007 16:01 48.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base095.avc 31.5.2007 16:01 47.12 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base096.avc 31.5.2007 16:01 48.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base097.avc 31.5.2007 16:01 48.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base098.avc 31.5.2007 16:01 49.32 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base099.avc 31.5.2007 16:01 48.05 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base100.avc 31.5.2007 16:01 48.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base101.avc 31.5.2007 16:01 47.93 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base102.avc 31.5.2007 16:01 48.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base103.avc 31.5.2007 16:01 48.15 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base104.avc 31.5.2007 16:01 48.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base105.avc 31.5.2007 16:01 48.29 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base106.avc 31.5.2007 16:01 48.26 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base107.avc 31.5.2007 16:01 48.75 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base108.avc 31.5.2007 16:01 48.64 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base109.avc 31.5.2007 16:01 49.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base110.avc 31.5.2007 16:01 48.39 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base111.avc 31.5.2007 16:01 48.57 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base112.avc 31.5.2007 16:01 48.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base113.avc 31.5.2007 16:01 48.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base114.avc 31.5.2007 16:01 48.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base115.avc 31.5.2007 16:01 48.39 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base116.avc 31.5.2007 16:01 48.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base117.avc 31.5.2007 16:01 48.55 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base118.avc 31.5.2007 16:01 48.62 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base119.avc 31.5.2007 16:01 49.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base120.avc 31.5.2007 16:01 49.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base121.avc 31.5.2007 16:01 48.78 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base122.avc 31.5.2007 16:01 48.72 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base123.avc 31.5.2007 16:01 48.79 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base124.avc 31.5.2007 16:01 48.77 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base125.avc 31.5.2007 16:01 48.80 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base126.avc 31.5.2007 16:01 48.62 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base127.avc 31.5.2007 16:01 48.82 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base128.avc 31.5.2007 16:01 48.83 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base129.avc 31.5.2007 16:01 48.61 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base130.avc 31.5.2007 16:01 48.43 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base131.avc 31.5.2007 16:01 48.84 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base132.avc 31.5.2007 16:01 48.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base133.avc 31.5.2007 16:01 48.87 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base134.avc 31.5.2007 16:01 48.63 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base135.avc 31.5.2007 16:01 60.76 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base136.avc 31.5.2007 16:01 49.39 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base137.avc 31.5.2007 16:01 48.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base138.avc 31.5.2007 16:01 48.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base139.avc 31.5.2007 16:01 46.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Base64.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Base64P.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\base999.avc 31.5.2007 16:01 5.08 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\bitmap1.bmp 31.5.2007 16:01 57.16 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\blank.avc 31.5.2007 16:01 371 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\btdisk.ppl 31.5.2007 16:01 15.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\btimages.ppl 31.5.2007 16:01 14.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\buffer.ppl 31.5.2007 16:01 5.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ca.avc 31.5.2007 16:01 77.60 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\CAB.ppl 31.5.2007 16:01 15.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Chinese.Age 31.5.2007 16:01 98.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Chinese.con 31.5.2007 16:01 8.43 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Chinese.dow 31.5.2007 16:01 3.96 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Chinese.lic 31.5.2007 16:01 4.33 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Chinese.tcp 31.5.2007 16:01 1.36 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ChineseSimplified.con 31.5.2007 16:01 8.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ChineseSimplified.dow 31.5.2007 16:01 4.11 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ChineseSimplified.tcp 31.5.2007 16:01 1.44 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\chuka.avc 31.5.2007 16:01 1.79 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Cid.sdb 31.5.2007 16:07 1.13 MB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ComStmIO.ppl 31.5.2007 16:01 14.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\config.lan 31.5.2007 16:01 11.23 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\crpthlpr.ppl 31.5.2007 16:01 30.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Czech.Age 31.5.2007 16:01 49.69 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\czech.con 31.5.2007 16:01 10.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Czech.dow 31.5.2007 16:01 5.03 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Czech.lan 31.5.2007 16:01 9.35 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Czech.lic 31.5.2007 16:01 7.24 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Czech.tcp 31.5.2007 16:01 1.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\daily-ec.avc 31.5.2007 16:01 7.91 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\daily-ex.avc 31.5.2007 16:01 3.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\daily.avc 31.5.2007 16:01 72.90 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\dailyc.avc 31.5.2007 16:01 73.92 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\deflate.ppl 31.5.2007 16:01 17.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\diff.ppl 31.5.2007 16:01 23.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Dir.sdb 31.5.2007 16:07 673.12 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\dmap.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Download.exe 31.5.2007 16:01 488.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Download.lan 31.5.2007 16:01 5.27 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\dtreg.ppl 31.5.2007 16:01 48.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\eicar.avc 31.5.2007 16:01 1.66 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\engine.dt 31.5.2007 16:01 11.74 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.Age 31.5.2007 16:01 49.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.con 31.5.2007 16:01 10.81 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.dow 31.5.2007 16:01 5.07 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.lan 31.5.2007 16:01 9.38 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.lic 31.5.2007 16:01 7.24 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\English.tcp 31.5.2007 16:01 1.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\esupd.ini 31.5.2007 16:01 677 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\esupdate.exe 31.5.2007 16:01 156.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Explode.ppl 31.5.2007 16:01 9.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext001.avc 31.5.2007 16:01 47.60 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext001c.avc 31.5.2007 16:01 48.56 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext002.avc 31.5.2007 16:01 46.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext002c.avc 31.5.2007 16:01 47.47 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext003.avc 31.5.2007 16:01 46.63 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext004.avc 31.5.2007 16:01 46.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext005.avc 31.5.2007 16:01 48.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext006.avc 31.5.2007 16:01 48.31 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext007.avc 31.5.2007 16:01 48.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext008.avc 31.5.2007 16:01 41.81 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ext999.avc 31.5.2007 16:01 13.29 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\fa.avc 31.5.2007 16:01 30.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\fa001.avc 31.5.2007 16:01 13.96 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\farbuffer.ppl 31.5.2007 16:01 14.56 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\faristream.ppl 31.5.2007 16:01 14.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\File1.sdb 31.5.2007 16:07 1.96 MB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\File2.sdb 31.5.2007 16:07 962.59 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Finnish.Age 31.5.2007 16:01 108.47 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Finnish.con 31.5.2007 16:01 11.23 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Finnish.dow 31.5.2007 16:01 5.27 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\finnish.lan 31.5.2007 16:01 9.75 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Finnish.lic 31.5.2007 16:01 6.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Finnish.tcp 31.5.2007 16:01 1.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\French.Age 31.5.2007 16:01 112.80 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\French.con 31.5.2007 16:01 12.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\French.dow 31.5.2007 16:01 5.77 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\french.lan 31.5.2007 16:01 9.81 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\French.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\French.tcp 31.5.2007 16:01 1.84 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\FsDrvPlg.ppl 31.5.2007 16:01 18.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\FSSync.dll 31.5.2007 16:01 37.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen001.avc 31.5.2007 16:01 28.84 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen002.avc 31.5.2007 16:01 37.43 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen003.avc 31.5.2007 16:01 30.87 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen004.avc 31.5.2007 16:01 39.97 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen005.avc 31.5.2007 16:01 20.36 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\gen999.avc 31.5.2007 16:01 31.27 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\German.Age 31.5.2007 16:01 121.16 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\German.con 31.5.2007 16:01 14.59 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\German.dow 31.5.2007 16:01 5.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\german.lan 31.5.2007 16:01 9.40 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\German.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\German.tcp 31.5.2007 16:01 1.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Getvlist.exe 31.5.2007 16:01 43.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\global.dat 31.5.2007 16:01 52.97 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\global.daz 31.5.2007 16:01 18.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\HashCont.ppl 31.5.2007 16:01 5.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\HashMD5.PPL 31.5.2007 16:01 8.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\HCCMP.ppl 31.5.2007 16:01 5.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Icelandic.Age 31.5.2007 16:01 106.79 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Icelandic.con 31.5.2007 16:01 11.35 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Icelandic.dow 31.5.2007 16:01 5.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Icelandic.lic 31.5.2007 16:01 7.24 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Icelandic.tcp 31.5.2007 16:01 1.62 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ichk2.ppl 31.5.2007 16:01 12.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\iChkSA.ppl 31.5.2007 16:01 23.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ikave.dll 31.5.2007 16:01 64.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\IMAPprtc.ppl 31.5.2007 16:01 76.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Inflate.ppl 31.5.2007 16:01 18.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\IniFile.ppl 31.5.2007 16:01 15.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ipc.dll 31.5.2007 16:01 36.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Italian.Age 31.5.2007 16:01 118.78 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Italian.con 31.5.2007 16:01 11.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Italian.dow 31.5.2007 16:01 5.35 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\italian.lan 31.5.2007 16:01 9.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Italian.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Italian.tcp 31.5.2007 16:01 1.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\IWGen.ppl 31.5.2007 16:01 10.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kave.dll 31.5.2007 16:01 256.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavsign.exe 31.5.2007 16:01 96.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavss.dat 31.5.2007 16:01 20.05 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavss.dll 31.5.2007 16:01 140.05 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavss.exe 31.5.2007 16:01 20.05 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavssd.dll 31.5.2007 16:01 156.12 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavssdi.dll 31.5.2007 16:01 52.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavssi.dll 31.5.2007 16:01 36.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kavvlg.dll 31.5.2007 16:01 100.08 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\kernel.avc 31.5.2007 16:01 12.07 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\keyid.dat 31.5.2007 16:01 304 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\klavsrch.ppl 31.5.2007 16:01 15.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krn001.avc 31.5.2007 16:01 64.52 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krn002.avc 31.5.2007 16:01 37.58 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krn003.avc 31.5.2007 16:01 8.11 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krn004.avc 31.5.2007 16:01 12.83 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krndos.avc 31.5.2007 16:01 4.91 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnengn.avc 31.5.2007 16:01 29.30 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnexe.avc 31.5.2007 16:01 31.25 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnexe32.avc 31.5.2007 16:01 76.99 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnjava.avc 31.5.2007 16:01 36.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnmacro.avc 31.5.2007 16:01 87.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\krnunp.avc 31.5.2007 16:01 113.24 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\L_llio.ppl 31.5.2007 16:01 8.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\language.ini 31.5.2007 16:01 108.47 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\LatinSpanish.lan 31.5.2007 16:01 7.34 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\lha.ppl 31.5.2007 16:01 24.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\lic60.ppl 31.5.2007 16:01 188.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\license.lck 31.5.2007 16:03 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\license.txt 31.5.2007 16:01 6.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\LicMgr.ppl 31.5.2007 16:01 15.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mail.avc 31.5.2007 16:01 13.04 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MailDisp.ppl 31.5.2007 16:01 208.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MailMsg.ppl 31.5.2007 16:01 26.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\main.avi 31.5.2007 16:01 7.76 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mc.ppl 31.5.2007 16:01 52.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mdb.ppl 31.5.2007 16:01 56.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MDMAP.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MDownload.exe 31.5.2007 16:01 374.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MemModSc.ppl 31.5.2007 16:01 22.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MemScan.ppl 31.5.2007 16:01 16.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mexe.com 31.5.2007 16:01 405.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Microsoft.VC80.CRT.manifest 31.5.2007 16:01 522 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MicroWorld Toolkit Utility.txt 31.5.2007 16:01 788 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\minizip.ppl 31.5.2007 16:01 18.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MKavIO.ppl 31.5.2007 16:01 27.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\msoe.ppl 31.5.2007 16:01 68.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\msvcp80.dll 31.5.2007 16:01 536.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\msvcr80.dll 31.5.2007 16:01 612.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\msvl64.dll 31.5.2007 16:01 1.86 MB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\msvlclnt.dll 31.5.2007 16:01 140.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mwav.bmp 31.5.2007 16:01 57.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mwav.ini 31.5.2007 16:01 2.65 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MWAV.LOG 31.5.2007 16:07 256.72 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MWAVL.exe 31.5.2007 16:01 96.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MWAVReg.EXE 31.5.2007 16:03 170.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mwavscan.com 31.5.2007 16:01 405.06 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mwti.sgn 31.5.2007 16:01 313 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\mwXface.log 31.5.2007 16:07 2.20 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\MYDB.DLL 31.5.2007 16:01 236.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ndetect.ppl 31.5.2007 16:01 12.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\nfio.ppl 31.5.2007 16:01 84.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\NNTPprtc.ppl 31.5.2007 16:01 60.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\NTFSstrm.ppl 31.5.2007 16:01 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\oas.ppl 31.5.2007 16:01 60.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ocr.avc 31.5.2007 16:01 11.17 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ods.ppl 31.5.2007 16:01 80.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\og.ppl 31.5.2007 16:01 21.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\params.ppl 31.5.2007 16:01 384.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\passdmap.ppl 31.5.2007 16:01 9.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\PDM.ppl 31.5.2007 16:01 320.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\pdm2rt.ppl 31.5.2007 16:01 272.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\phupdn.txt 31.5.2007 16:01 161.56 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\phupdn.txz 31.5.2007 16:01 49.95 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Polish.Age 31.5.2007 16:01 111.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Polish.con 31.5.2007 16:01 12.38 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Polish.dow 31.5.2007 16:01 5.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Polish.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Polish.tcp 31.5.2007 16:01 1.80 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\PopupChk.ppl 31.5.2007 16:01 20.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Portuguese.Age 31.5.2007 16:01 110.87 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Portuguese.con 31.5.2007 16:01 12.17 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Portuguese.dow 31.5.2007 16:01 5.66 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\portuguese.lan 31.5.2007 16:01 10.10 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Portuguese.lic 31.5.2007 16:01 7.66 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Portuguese.tcp 31.5.2007 16:01 1.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\prKernel.ppl 31.5.2007 16:01 144.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\prloader.dll 31.5.2007 16:01 180.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\procmon.ppl 31.5.2007 16:01 60.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\product.bmp 31.5.2007 16:01 15.31 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\prseqio.ppl 31.5.2007 16:01 10.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\PrUpdate.ppl 31.5.2007 16:01 216.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\PrUtil.ppl 31.5.2007 16:01 16.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\pxstub.ppl 31.5.2007 16:01 22.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\rar.ppl 31.5.2007 16:01 96.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\red32.dll 31.5.2007 16:01 170.27 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\reggrd.ppl 31.5.2007 16:01 84.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\resip.ppl 31.5.2007 16:01 21.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Romanian.Age 31.5.2007 16:01 107.46 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Romanian.con 31.5.2007 16:01 11.20 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Romanian.dow 31.5.2007 16:01 5.33 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\romanian.lan 31.5.2007 16:01 9.76 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Romanian.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Romanian.tcp 31.5.2007 16:01 1.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\sc.ppl 31.5.2007 16:01 19.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ScanningProcess.exe 31.5.2007 16:01 116.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\schedule.ppl 31.5.2007 16:01 25.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\setpriv.exe 31.5.2007 16:01 42.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\sfdb.dat 31.5.2007 16:01 84 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\sfdb.PPL 31.5.2007 16:01 30.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\smart.avc 31.5.2007 16:01 6.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanish.Age 31.5.2007 16:01 111.62 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanish.con 31.5.2007 16:01 11.53 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanish.dow 31.5.2007 16:01 5.42 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\spanish.lan 31.5.2007 16:01 10.09 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanish.lic 31.5.2007 16:01 7.96 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanish.tcp 31.5.2007 16:01 1.75 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanishl.Age 31.5.2007 16:01 111.44 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanishl.con 31.5.2007 16:01 11.55 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanishl.dow 31.5.2007 16:01 5.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanishl.lic 31.5.2007 16:01 7.02 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spanishl.tcp 31.5.2007 16:01 1.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\spydb.avs 31.5.2007 16:01 224.29 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\spydb.old 31.5.2007 16:01 224.29 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Spyware.sdb 31.5.2007 16:07 151.92 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\StdComp.ppl 31.5.2007 16:01 5.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\StEnum2.ppl 31.5.2007 16:01 108.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\stored.ppl 31.5.2007 16:01 5.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\superio.ppl 31.5.2007 16:01 6.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\sysr.txt 31.5.2007 16:01 1.67 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Tamil.age 31.5.2007 16:01 48.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\tamil.con 31.5.2007 16:01 10.39 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Tamil.dow 31.5.2007 16:01 4.97 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Tamil.lic 31.5.2007 16:01 2.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Tamil.tcp 31.5.2007 16:01 1.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\TempFile.ppl 31.5.2007 16:01 9.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\thpimpl.ppl 31.5.2007 16:01 19.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Timer.ppl 31.5.2007 16:01 12.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\tm.ppl 31.5.2007 16:01 136.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\TrainSup.ppl 31.5.2007 16:01 48.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\UnArj.ppl 31.5.2007 16:01 9.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\UniArc.ppl 31.5.2007 16:01 15.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\UnLZX.ppl 31.5.2007 16:01 10.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp000.avc 31.5.2007 16:01 22.10 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp001.avc 31.5.2007 16:01 45.57 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp002.avc 31.5.2007 16:01 68.26 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp003.avc 31.5.2007 16:01 51.85 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp004.avc 31.5.2007 16:01 25.39 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp005.avc 31.5.2007 16:01 52.20 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp006.avc 31.5.2007 16:01 54.07 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp007.avc 31.5.2007 16:01 73.95 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp008.avc 31.5.2007 16:01 51.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp009.avc 31.5.2007 16:01 47.61 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp010.avc 31.5.2007 16:01 64.28 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp011.avc 31.5.2007 16:01 51.69 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp012.avc 31.5.2007 16:01 33.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp013.avc 31.5.2007 16:01 47.83 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp014.avc 31.5.2007 16:01 54.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp015.avc 31.5.2007 16:01 56.51 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp016.avc 31.5.2007 16:01 63.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp017.avc 31.5.2007 16:01 30.73 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp018.avc 31.5.2007 16:01 41.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp019.avc 31.5.2007 16:01 55.95 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp020.avc 31.5.2007 16:01 33.16 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp021.avc 31.5.2007 16:01 23.18 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp022.avc 31.5.2007 16:01 41.82 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp023.avc 31.5.2007 16:01 64.91 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp024.avc 31.5.2007 16:01 30.44 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp025.avc 31.5.2007 16:01 35.68 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp026.avc 31.5.2007 16:01 38.86 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp027.avc 31.5.2007 16:01 46.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp028.avc 31.5.2007 16:01 39.22 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp029.avc 31.5.2007 16:01 17.43 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp030.avc 31.5.2007 16:01 49.25 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp031.avc 31.5.2007 16:01 36.48 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp032.avc 31.5.2007 16:01 42.70 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp033.avc 31.5.2007 16:01 46.88 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp034.avc 31.5.2007 16:01 46.34 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp035.avc 31.5.2007 16:01 61.41 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp036.avc 31.5.2007 16:01 45.69 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp037.avc 31.5.2007 16:01 47.49 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unp038.avc 31.5.2007 16:01 18.12 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\Unreduce.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\unregx.exe 31.5.2007 16:01 37.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\UNSHRINK.ppl 31.5.2007 16:01 6.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\UnStored.ppl 31.5.2007 16:01 6.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\viewtcp.exe 31.5.2007 16:01 397.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\ViewTcp.lan 31.5.2007 16:01 1.71 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\virus.avi 31.5.2007 16:01 9.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\vssver.scc 31.5.2007 16:01 48 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\WDiskIO.ppl 31.5.2007 16:01 35.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\WIN.PRO 31.5.2007 16:01 4 bytes Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\WinReg.ppl 31.5.2007 16:01 24.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\wmihlpr.ppl 31.5.2007 16:01 27.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\xorio.ppl 31.5.2007 16:01 6.50 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Local Settings\Temp\zcompare.ppl 31.5.2007 16:01 5.00 KB Hidden from Windows API.
C:\Documents and Settings\Jani\Työpöytä\mwav.exe.part 31.5.2007 15:57 13.54 MB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024608.exe 26.5.2007 14:46 6.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024614.exe 26.5.2007 14:46 6.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024619.exe 26.5.2007 21:16 26.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024661.dll 26.5.2007 15:00 74.62 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024683.dll 26.5.2007 15:03 49.56 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP174\A0024684.dll 26.5.2007 14:46 19.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024906.exe 26.5.2007 14:46 47.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024912.exe 26.5.2007 14:24 425.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP176\A0024914.exe 26.5.2007 14:24 203.50 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{5A3F7C7C-F191-437F-B203-9303DA68FBA3}\RP180\A0029414.sys 26.5.2007 14:46 59.15 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Lic.xxx 31.5.2007 16:01 26 bytes Hidden from Windows API.
C:\WINDOWS\logo1_.exe 31.5.2007 16:07 0 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\MEXE.COM-1EEB0F5C.pf 31.5.2007 16:01 39.14 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\MWAV.EXE-32365081.pf 31.5.2007 16:01 74.65 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\MWAVL.EXE-1A557A81.pf 31.5.2007 16:01 16.28 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\MWAVREG.EXE-048B0550.pf 31.5.2007 16:03 89.75 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\SCANNINGPROCESS.EXE-19AD7DA0.pf 31.5.2007 16:01 50.95 KB Hidden from Windows API.
C:\WINDOWS\R.COM 14.9.2004 17:12 143.50 KB Hidden from Windows API.
C:\WINDOWS\REGEDIT.COM 14.9.2004 17:12 143.50 KB Hidden from Windows API.
C:\WINDOWS\rundl132.dll 31.5.2007 16:07 0 bytes Hidden from Windows API.
C:\WINDOWS\rundll16.exe 31.5.2007 16:07 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\iifgfgf.dll 31.5.2007 16:07 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\T.COM 14.9.2004 17:12 135.00 KB Hidden from Windows API.
C:\WINDOWS\system32\TASKMGR.COM 14.9.2004 17:12 135.00 KB Hidden from Windows API.
C:\WINDOWS\system32\vcmgcd32.dll 31.5.2007 16:07 0 bytes Hidden from Windows API.
C:\WINDOWS\zts2.exe 31.5.2007 16:07 0 bytes Hidden from Windows API.

Auttaja · 31.05.2007

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!

AIMKilla · 31.05.2007

jep jep..kone tykkää välis sammuilla..ei ole ennen tehnyt ja niitä virheitä näkyy vieläkin pikakuvakkeis ja sivustoilla. on noita ohjelmia tullu jo kokeeltua..en sit tiiä.

Auttaja · 31.05.2007

Jees, eli jos kone sammuilee niin putsaa pölyt tutki lämmöt, pikakuvakeongelmaa voit windowsongelmien puolella pohtia, laita vaikka esimerkkikuvia asiasta.

AIMKilla · 31.05.2007

noi ongelmat vaan tuli kun näitä tuhansia ohjelmia on käynyt läpi sun muuta. täs on nyt hijackthis loki viel:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:02, on 31.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
D:\MOZILLA\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jani\Työpöytä\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Bitcomet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Bitcomet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174641095828
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Auttaja · 31.05.2007

Jees kuten sanottua kaikki logit on puhtaita

Laita tarkkoja ongelmakuvauksi print screenien kanssa, tähän ketjuun sekä windows ongelmiin. Ja putsaa ne hemmetin pölyt ja tutki lämmöt.

AIMKilla · 01.06.2007

no joo millä otan niitä screenejä..pelkällä näppäimistö avulla ei saa otettuu kuvii. ja ei tässä enää mitään pölyjä oo.................

Hujo · 01.06.2007

katos tolla ne lämmöt
Linkki EVEREST Free Edition 2.20

Kirjaudu tai liity jäseneksi

nyt apua! tässä hijackthis logi

Hujo Guest

AIMKilla Member

Hujo Guest

AIMKilla Member

Hujo Guest

Auttaja Guest

AIMKilla Member

Hujo Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

nyt apua! tässä hijackthis logi

Hujo Guest

AIMKilla Member

Hujo Guest

AIMKilla Member

Hujo Guest

Auttaja Guest

AIMKilla Member

Hujo Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Auttaja Guest

AIMKilla Member

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja