Could someone take a look at this

Senior Member
15 November 2007 @ 11:39
There is something extra on the computer:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:31, on 15.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\uzxmuzlq.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\qqwpvndu.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\Windows\system32\hmngkdjf.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4842 bytes

CM 690 II Advanced, i5 2500K, MSI P67A-C43, Scythe Mugen-2 Revision B, XFX Pro550 80+ Bronze, CORSAIR DDR3-1600 2*2G CL9 VENGEANCE, Asus r9 290x directCU II, Samsung 830 SSD 128Gb + 4.5 TB, Win 7.

tomato71
Suspended due to non-functional email address
15 November 2007 @ 20:42
Hi
here we go...

Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*When the scan is complete, click the Remove Vundo button.
*You will be asked whether you want to remove the files - click YES.
*Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix will announce that it will restart your computer; click OK.
*Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove.
In that case VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

and then

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Post the Vundo log, the Combo log and a new HJT log

www.virustorjunta.net
Senior Member
16 November 2007 @ 19:57
Here they are:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:54, on 16.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=5...www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\dbfcnirp.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7138 bytes


ComboFix 07-11-08.1 - SpaDe 2007-11-16 19:42:44.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1035.18.1943 [GMT 2:00]
Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
* Created a new restore point
.

Systeemioikeuksien saaminen epäonnistui

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Live Safety Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.lnk
C:\Users\SpaDe\AppData\Roaming\inst.exe
C:\Users\SpaDe\Desktop\Live Safety Center.lnk
C:\Users\SpaDe\Desktop\Online Security Guide.lnk
C:\Users\SpaDe\FAVORI~1\Online Security Guide.lnk
C:\Users\SpaDe\Favorites\Online Security Guide.lnk
C:\Windows\system32\dbfcnirp.dllbox
C:\Windows\System32\hjmoq.ini
C:\Windows\System32\hjmoq.ini2
C:\Windows\system32\qomjh.dll . . . . poisto epäonnistui

.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2007-10-16 to 2007-11-16 )))))))))))))))))
.

2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
2007-11-16 17:45 145,984 --a------ C:\Windows\System32\vosgthii.dll
2007-11-16 17:45 145,984 --a------ C:\Windows\System32\dbfcnirp.dll
2007-11-16 17:45 85,056 --a------ C:\Windows\System32\yptpdrlq.dll
2007-11-16 17:45 81,984 --a------ C:\Windows\System32\ixmchpry.dll
2007-11-16 17:45 71,232 --a------ C:\Windows\System32\hyidimeo.exe
2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
2007-11-15 17:41 313,952 --------- C:\Windows\System32\qomjh.dll
2007-11-15 17:36 37,376 --a------ C:\Windows\System32\nnnkjhh.dll
2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 11:44 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Työpöytä
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Tiedostot
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Suosikit
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Mallit
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2007-10-25 17:03 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-10-25 17:01 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-10-25 17:01 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4db552e3-97d0-43e7-8bbc-24af95995c07}]
2007-11-16 17:45 81984 --a------ C:\Windows\system32\ixmchpry.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{951F00B9-6847-4210-94C7-0DE310966E27}]
2007-11-15 17:41 313952 --------- C:\Windows\system32\qomjh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" [2007-11-16 17:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\Windows\system32\nnnkjhh.dll [2007-11-15 17:36 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbfcnirp]
dbfcnirp.dll 2007-11-16 17:45 145984 C:\Windows\System32\dbfcnirp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjhh]
nnnkjhh.dll 2007-11-15 17:36 37376 C:\Windows\System32\nnnkjhh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\qomjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 19:48:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 19:50:26 - machine was rebooted
.
--- E O F ---
VundoFix V6.6.1

Checking Java version...

Sun Java not detected
Scan started at 19:22:09 16.11.2007

Listing files found while scanning....

C:\windows\System32\dbfcnirp.dll
C:\windows\System32\vosgthii.dll

Beginning removal...

I even managed to reinstall Windows, but the crap stayed...

This message has been edited since posting. Last edited 16 November 2007 @ 20:09

tomato71
Suspended due to non-functional email address
16 November 2007 @ 20:27
Were all these logs taken after reinstalling Windows or before????
The end of the Vundo log is missing.

This message has been edited since posting. Last edited 16 November 2007 @ 20:28

Senior Member
17 November 2007 @ 08:35
They were taken after the installation.
Vundo didn't produce any more of a log than that.
The worst of the crap went away, and if this is it, then I thank you and take a bow.
By the way, what was the junk in there?

tomato71
Suspended due to non-functional email address
17 November 2007 @ 12:10
Hi
The Virtumonde trojan is on the machine, and it is still there.

Open Notepad and copy/paste the contents of the quote box into it:

Quote:

File::
C:\Windows\System32\vosgthii.dll
C:\Windows\System32\dbfcnirp.dll
C:\Windows\System32\yptpdrlq.dll
C:\Windows\System32\ixmchpry.dll
C:\Windows\System32\hyidimeo.exe
C:\Windows\System32\qomjh.dll
C:\Windows\System32\nnnkjhh.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbfcnirp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjhh]

Save it as CFScript (in fact ComboFix recognises it even if the file extension isn't .txt).

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer if asked to, and post the contents of the combofix.txt file here + a new HJT log.

Senior Member
17 November 2007 @ 17:33
Here's the combo:

ComboFix 07-11-08.1 - SpaDe 2007-11-17 17:19:16.2 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1035.18.1862 [GMT 2:00]
Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
Command switches used :: C:\Users\SpaDe\Documents\CFScript.txt
* Created a new restore point

FILE
C:\Windows\System32\dbfcnirp.dll
C:\Windows\System32\hyidimeo.exe
C:\Windows\System32\ixmchpry.dll
C:\Windows\System32\nnnkjhh.dll
C:\Windows\System32\qomjh.dll
C:\Windows\System32\vosgthii.dll
C:\Windows\System32\yptpdrlq.dll
.

Systeemioikeuksien saaminen epäonnistui

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\hjmoq.ini
C:\Windows\System32\hjmoq.ini2
C:\Windows\System32\hyidimeo.exe
C:\Windows\System32\ixmchpry.dll
C:\Windows\System32\nnnkjhh.dll
C:\Windows\System32\qomjh.dll
C:\Windows\System32\yptpdrlq.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-17 to 2007-11-17 )))))))))))))))))
.

2007-11-17 16:05 <KANSIO> d-------- C:\Program Files\SimpleDivX
2007-11-16 22:26 <KANSIO> d-------- C:\Program Files\Xvid
2007-11-16 22:26 765,952 --a------ C:\Windows\System32\xvidcore.dll
2007-11-16 22:26 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Music
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Links
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Downloads

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 11:44 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Työpöytä
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Tiedostot
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Suosikit
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Mallit
2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2007-10-25 17:03 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-10-25 17:01 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-10-25 17:01 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_19.49.32.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-16 17:48:06 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-11-17 15:24:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-11-16 16:24:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-11-17 15:24:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-11-17 15:24:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2007-11-16 16:25:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-11-17 15:24:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-11-17 15:24:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-17 15:17:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-16 17:48:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-17 15:17:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-17 15:17:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-16 17:42:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-11-17 15:19:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-11-16 16:27:00 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-11-17 05:51:48 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-11-16 17:32:25 4,086 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
+ 2007-11-17 05:54:45 4,462 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
- 2007-11-16 17:32:25 45,486 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-17 05:54:45 46,158 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-11-16 17:03:53 23,622 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-16 17:49:57 25,368 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\qomjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 17:24:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 17:26:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 19:50
.
--- E O F ---


...and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:39, on 17.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7127 bytes



tomato71
Suspended due to non-functional email address
17 November 2007 @ 17:52
Did you run ComboFix as administrator?

Senior Member
17 November 2007 @ 18:58
I pasted in the Notepad file and the rest took care of itself.
At the bottom it said admin.

tomato71
Suspended due to non-functional email address
17 November 2007 @ 19:28
And then, there's more to be found

Open Notepad and copy/paste the contents of the quote box into it:

Quote:

File::
C:\Windows\system32\yptpdrlq.dll
C:\Windows\system32\qomjh.dll

Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer if prompted, and post the contents of the combofix.txt file here.

Remove VundoFix from the computer and download a new copy from the same link,
and then run VundoFix afterwards.

Post combofix.txt + the Vundo log and a new HJT log

Senior Member
17 November 2007 @ 19:54
Here:

ComboFix 07-11-08.1 - SpaDe 2007-11-17 19:39:02.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1915 [GMT 2:00]
Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
Command switches used :: C:\Users\SpaDe\Documents\CFScript.txt
* Created a new restore point

FILE
C:\Windows\system32\qomjh.dll
C:\Windows\system32\yptpdrlq.dll
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-17 to 2007-11-17 )))))))))))))))))
.

2007-11-17 17:38 292,352 --a------ C:\Windows\System32\psisdecd.dll
2007-11-17 16:05 <KANSIO> d-------- C:\Program Files\SimpleDivX
2007-11-16 22:26 <KANSIO> d-------- C:\Program Files\Xvid
2007-11-16 22:26 765,952 --a------ C:\Windows\System32\xvidcore.dll
2007-11-16 22:26 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Music
2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Links

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 17:28 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
2007-11-15 11:56 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-15 11:56 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-15 11:56 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-15 11:56 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-15 11:56 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-15 11:56 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-15 11:56 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-15 11:56 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-15 11:56 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-15 11:56 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-15 11:56 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-15 11:56 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-15 11:56 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-15 11:56 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-15 11:55 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-11-15 11:55 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 11:55 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 11:55 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 11:55 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 11:55 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 11:55 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-11-15 11:55 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-15 11:55 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-15 11:55 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 11:55 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 11:55 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 11:55 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-11-15 11:55 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 11:55 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 11:49 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-15 11:49 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-15 11:49 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-15 11:49 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-15 11:49 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-15 11:49 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-15 11:49 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-11-15 11:48 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-15 11:48 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 11:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-15 11:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-11-15 11:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 11:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 11:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-11-15 11:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-11-15 11:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-15 11:46 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-15 11:46 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-15 11:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-11-15 11:46 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-15 11:46 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-15 11:46 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-15 11:46 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-15 11:46 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-15 11:46 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-11-15 11:46 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-15 11:46 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-15 11:46 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-15 11:44 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-15 11:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-11-15 11:44 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-15 11:44 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-15 11:44 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-15 11:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-11-15 11:44 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-15 11:44 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-15 11:44 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-15 11:44 633,856 ----a-w C:\Windows\System32\user32.dll
2007-11-15 11:44 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-15 11:44 5,120 ----a-w C:\Windows\System32\wmi.dll
2007-11-15 11:44 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-11-15 11:44 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-11-15 11:44 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-11-15 11:44 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2007-11-15 11:44 123,904 ----a-w C:\Windows\System32\msvfw32.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_19.49.32.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-16 17:48:06 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-11-17 15:49:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-11-17 15:38:03 32,768 ----a-r C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF}\icon.exe
- 2007-11-16 16:24:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-11-17 15:50:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-11-17 15:50:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2007-11-16 16:25:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-11-17 15:50:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-11-17 15:50:08 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-17 17:17:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-16 17:48:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-17 17:17:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-17 17:17:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-16 17:42:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-11-17 17:38:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-11-17 17:38:54 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2007-05-08 13:03:04 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
+ 2007-08-24 16:08:24 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
- 2007-11-16 16:27:00 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-11-17 15:48:31 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-11-16 17:32:25 4,086 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
+ 2007-11-17 15:51:20 4,784 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
- 2007-11-16 17:32:25 45,486 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-17 15:51:20 46,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-11-16 17:03:53 23,622 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-17 15:51:19 26,522 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-17 15:38:11 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16398_none_d9bda6d65a2ae248\psisdecd.dll
+ 2007-11-17 15:38:11 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20493_none_da42422f734d035f\psisdecd.dll
+ 2007-11-17 15:38:05 1,275,392 ----a-w C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7\msxml4.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 19:40:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 19:41:43
C:\ComboFix2.txt ... 2007-11-17 17:26
.
--- E O F ---


C:\windows\System32\dbfcnirp.dll
C:\windows\System32\vosgthii.dll

Beginning removal...

VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 19:43:13 17.11.2007

Listing files found while scanning....

No infected files were found.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:14, on 17.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 6801 bytes


At startup it complains with this: Error loading: C:\windows\system32\yptpdrlq.dll
The specified module could not be found.

CM 690 II Advanced, i5 2500K, MSI P67A-C43, Scythe Mugen-2 Revision B, XFX Pro550 80+ Bronze, CORSAIR DDR3-1600 2*2G CL9 VENGEANCE, Asus r9 290x directCU II, Samsung 830 SSD 128Gb + 4.5 TB, Win 7.

This message has been edited since posting. Last edited 17 November 2007 @ 20:43

tomato71
Suspended due to non-functional email address
17 November 2007 @ 21:02
it just doesn't seem to want to come off :(

Run a new HJT scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b







Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, right-click inside the list box (the white box where the files found are listed) and choose Add more files
Copy and paste the following 2 lines into the top two boxes

C:\Windows\system32\yptpdrlq.dll

C:\WINDOWS\system32\qlrdptpy.*

Click Add Files and then click Close Window.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to delete the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you that it is going to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.





* Download Dr.Web CureIt to your desktop: Dr.Web

* Double-click drweb-cureit.exe and let the program run a quick memory/computer scan.
(this is only a short scan)
* When the scan is finished, tick *Complete scan*.
* Click the green arrow below the Dr.Web logo to start the scan.
* When the scan has finished, press the *select all* button. After that, press the *move* button.
* The items are moved to quarantine in the following directory: %userprofile%\DoctorWeb\quarantine.
* In the Dr.Web toolbar, open *file* and press *Save report list*
* Save the report to the desktop. Save it under the name *DrWeb*.
* Close Dr.Web.
* Restart the computer!! This is so that the selected files are deleted/moved to quarantine during startup.
* After you have restarted your computer, paste the contents of the Dr.Web log into your next reply.


Send the Vundo log, the DrWeb log and a new HJT log

www.virustorjunta.net
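The two lines selected for Fix checked in the reply above, picked out of the posted HijackThis log by a small triage script. This is an added example, not part of the original post or of HijackThis; the function names and the flagging rules (a BHO whose target is "(no file)", and a Run value with an eight-hex-digit name that loads a DLL through rundll32) are assumptions chosen for this log. The second path given in the reply is the first file name spelled backwards, and `companion_pattern` derives it the same way.

```python
import re
from pathlib import PureWindowsPath

# Subset of the O2/O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
"""

# O2 - BHO: <name> - {CLSID} - <file or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"
)
# rundll32[.exe] ["]<dll>["],<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE
)
# Assumption: a value name made only of eight hex digits was machine-generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def rundll_target(o4_line):
    """Return the DLL path an O4 Run line loads through rundll32, or None."""
    run = RUN_RE.match(o4_line.strip())
    if not run:
        return None
    dll = RUNDLL_RE.match(run["cmd"])
    return dll["dll"] if dll else None


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho["target"] == "(no file)":
                findings.append((line, "BHO is registered but its file is missing"))
            continue
        run = RUN_RE.match(line)
        if run and HEX_NAME_RE.match(run["value"]) and rundll_target(line):
            findings.append(
                (line, "Run value with a hex-only name loads a DLL through rundll32")
            )
    return findings


def companion_pattern(dll_path):
    """Wildcard for files in the same directory whose name is the stem reversed."""
    path = PureWindowsPath(dll_path)
    return str(path.parent / (path.stem[::-1] + ".*"))


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}:\n  {line}")
        target = rundll_target(line)
        if target:
            print(f"  also check: {companion_pattern(target)}")
```

The legitimate NVIDIA and Welcome Center entries also go through rundll32 but are not flagged, because their value names are not hex-only; the rules are a filter for what to read first, not a verdict.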
Senior Member
17 November 2007 @ 23:05
C:\windows\System32\dbfcnirp.dll
C:\windows\System32\vosgthii.dll

Beginning removal...

VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 19:43:13 17.11.2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 21:19:49 17.11.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 22:58:01 17.11.2007

Listing files found while scanning....

hyidimeo.exe.vir;C:\qoobox\Quarantine\C\Windows\System32;Trojan.EzulaAd;Deleted.;
nnnkjhh.dll.vir;C:\qoobox\Quarantine\C\Windows\System32;Trojan.Virtumod.211;Deleted.;
07 - Irwin Goodman - Terveisiä Perseestä.mp3;E:\Irwin Goodman\1984 - Härmäläinen Perusjuntti;Modification of Trojan.Nadoel;Moved.;
patch.exe;G:\Ohjelmat\Mobiilipaketti\Mobile.Music.Polyphonic.v1.3-HERiTAGE;Tool.ASEye.2;Moved.;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:00, on 17.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\SpaDe\Desktop\VundoFix.exe
C:\Program Files\Digital TV\Digital TV Stick\dvbapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 6306 bytes


tomato71
Suspended due to non-functional email address
17 November 2007 @ 23:19
hi
stubborn stuff :D
run ComboFix again and post the log

www.virustorjunta.net
Senior Member
18 November 2007 @ 08:34
ComboFix complains that it is out of date; I downloaded a new one but it's the same thing.

tomato71
Suspended due to non-functional email address
18 November 2007 @ 10:29
try this

Download Deckard's System Scanner to your Desktop.

Note: You must have Administrator rights to run the program.

- Close all open windows and programs.
- Double-click the Dss.exe file to run the program, and follow the prompts.
- When the scan is complete, 2 text files should open: Main.txt and extra.txt
- Use copy (CTRL+A -> CTRL+C) and paste (CTRL+V)
- Copy and paste the contents of Extra.txt & Main.txt into your next reply.

www.virustorjunta.net
Senior Member
18 November 2007 @ 11:53
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 3070.88 MiB / 2122.57 MiB
Pagefile Memory (total/avail): 3207.64 MiB / 2246.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.8 MiB

C: is Fixed (NTFS) - 48.83 GiB total, 20.48 GiB free.
D: is Fixed (NTFS) - 195.31 GiB total, 24.88 GiB free.
E: is Fixed (NTFS) - 200.2 GiB total, 29.96 GiB free.
F: is Fixed (NTFS) - 195.31 GiB total, 195.21 GiB free.
G: is Fixed (NTFS) - 75.13 GiB total, 65.22 GiB free.
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Fixed (NTFS) - 205.02 GiB total, 121.12 GiB free.
O: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-07TMA0 ATA Device - 465.76 GiB - 4 partitions
\PARTITION0 - Unknown - 11.72 GiB
\PARTITION1 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION2 - Installable File System - 200.2 GiB - E:
\PARTITION3 - Extended w/Extended Int 13 - 205.02 GiB - N:

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-07TMA0 ATA Device - 465.76 GiB - 3 partitions
\PARTITION0 - Installable File System - 195.31 GiB - D:
\PARTITION1 - Installable File System - 195.31 GiB - F:
\PARTITION2 - Installable File System - 75.13 GiB - G:

\\.\PHYSICALDRIVE2 - Generic 2.0 Reader -0 USB Device

\\.\PHYSICALDRIVE3 - Generic 2.0 Reader -1 USB Device

\\.\PHYSICALDRIVE4 - Generic 2.0 Reader -2 USB Device

\\.\PHYSICALDRIVE5 - Generic 2.0 Reader -3 USB Device

\\.\PHYSICALDRIVE6 - Generic 2.0 Reader -4 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1074 [VPS 071117-0] v4.7.1074 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\SpaDe\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SPADE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\SpaDe
LOCALAPPDATA=C:\Users\SpaDe\AppData\Local
LOGONSERVER=\\SPADE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\SpaDe\AppData\Local\Temp
TMP=C:\Users\SpaDe\AppData\Local\Temp
USERDOMAIN=SpaDe-PC
USERNAME=SpaDe
USERPROFILE=C:\Users\SpaDe
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

SpaDe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Digital TV Stick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F30A12A-3E37-43F4-82DC-89628D347E2B}\setup.exe" -l0x9 -removeonly
ffdshow [rev 610] [2006-12-01] --> "C:\Program Files\ffdshow\unins000.exe"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Microsoft Office Access MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0015-040B-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00BA-040B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0044-040B-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001A-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0019-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music NFO Builder 1.17 --> "C:\Program Files\Music NFO Builder\unins000.exe"
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1035}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_fin_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SimpleDivX --> "C:\Program Files\SimpleDivX\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windowsin ohjainpaketti - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
Windowsin ohjainpaketti - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windowsin ohjainpaketti - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_a81bde77\pccs_bluetooth.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1151 / Error
Event Submitted/Written: 11/18/2007 10:12:42 AM
Event ID/Source: 8194 / VSS
Event Description:
Aseman tilannevedospalvelun virhe: Odottamaton virhe kyseltäessä IVssWriterCallback-liittymää. hr = 0x80070005.
Syynä ovat usein joko kirjoittaja- tai pyytäjäprosessin virheelliset suojausasetukset.


Toiminto:
Kerätään kirjoitustoiminnon tietoja

Sijainti:
Kirjoitustoiminnon luokkatunnus: {e8132975-6f93-4464-a53e-1050253ae220}
Kirjoitustoiminnon nimi: System Writer
Kirjoitustoiminnon esiintymän tunnus: {a0ba38cd-d47b-4e22-9567-d1344cdd3144}

Event Record #/Type1131 / Success
Event Submitted/Written: 11/18/2007 08:38:57 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1127 / Success
Event Submitted/Written: 11/18/2007 08:38:38 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type1126 / Success
Event Submitted/Written: 11/18/2007 08:38:37 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type1124 / Success
Event Submitted/Written: 11/18/2007 08:38:28 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Ohjelmistojen käyttöoikeuspalvelu käynnistyi.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9759 / Warning
Event Submitted/Written: 11/18/2007 11:46:59 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%SpaDe-PC275

Tarkistustunnus: {2507AC13-05A2-4175-82ED-E16169ABA339}

Käyttäjä: SpaDe-PC\SpaDe

Nimi: %SpaDe-PC271

Tunnus: %SpaDe-PC272

Vakavuustunnus: %SpaDe-PC273

Luokan tunnus: %SpaDe-PC274

Löytynyt polku: %SpaDe-PC276

Hälytystyyppi: %SpaDe-PC278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type9758 / Warning
Event Submitted/Written: 11/18/2007 11:46:59 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%SpaDe-PC275

Tarkistustunnus: {5709715B-EFFC-451F-B886-19BEF0F5FB1E}

Käyttäjä: SpaDe-PC\SpaDe

Nimi: %SpaDe-PC271

Tunnus: %SpaDe-PC272

Vakavuustunnus: %SpaDe-PC273

Luokan tunnus: %SpaDe-PC274

Löytynyt polku: %SpaDe-PC276

Hälytystyyppi: %SpaDe-PC278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type9757 / Warning
Event Submitted/Written: 11/18/2007 11:46:59 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%SpaDe-PC275

Tarkistustunnus: {929B71B9-B2A6-4792-9867-ACB83BFBE319}

Käyttäjä: SpaDe-PC\SpaDe

Nimi: %SpaDe-PC271

Tunnus: %SpaDe-PC272

Vakavuustunnus: %SpaDe-PC273

Luokan tunnus: %SpaDe-PC274

Löytynyt polku: %SpaDe-PC276

Hälytystyyppi: %SpaDe-PC278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type9756 / Warning
Event Submitted/Written: 11/18/2007 11:46:56 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%SpaDe-PC275

Tarkistustunnus: {FF4C1F2A-ACA4-4CB4-A170-0C83ABDB7C32}

Käyttäjä: SpaDe-PC\SpaDe

Nimi: %SpaDe-PC271

Tunnus: %SpaDe-PC272

Vakavuustunnus: %SpaDe-PC273

Luokan tunnus: %SpaDe-PC274

Löytynyt polku: %SpaDe-PC276

Hälytystyyppi: %SpaDe-PC278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type9755 / Warning
Event Submitted/Written: 11/18/2007 11:46:56 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%SpaDe-PC275

Tarkistustunnus: {5A4952EA-53B3-44A2-AA57-C3F883BA6C9F}

Käyttäjä: SpaDe-PC\SpaDe

Nimi: %SpaDe-PC271

Tunnus: %SpaDe-PC272

Vakavuustunnus: %SpaDe-PC273

Luokan tunnus: %SpaDe-PC274

Löytynyt polku: %SpaDe-PC276

Hälytystyyppi: %SpaDe-PC278

Havaitsemistyyppi: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-11-18 11:47:41 ------------


-- First Restore Point --
1: 2007-11-17 17:38:18 UTC - RP43 - ComboFix created restore point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as SpaDe.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:41, on 18.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\SpaDe\Desktop\dss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SpaDe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 6326 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071117-211614-532 O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
backup-20071117-211614-693 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 StickCap (Digital TV DVB-T USB Stick adapter service) - c:\windows\system32\drivers\stickcap.sys <Not Verified; DiBcom SA; DVB-T USB2.0 adapter>

S3 stickload (Digital TV stick firmware loader service) - c:\windows\system32\drivers\stickload.sys <Not Verified; DiBcom S.A; DVB-T USB2.0 adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Camera
Device ID: USB\VID_046D&PID_08F0&MI_00\6&64E41E5&0&0000
Manufacturer:
Name: Camera
PNP Device ID: USB\VID_046D&PID_08F0&MI_00\6&64E41E5&0&0000
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N73
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2007-10-18 and 2007-11-18 -----------------------------

2007-11-18 10:12:42 0 d-------- C:\Program Files\Rockstar Games
2007-11-17 21:35:42 0 d-------- C:\Users\SpaDe\DoctorWeb
2007-11-17 20:22:11 11880 --a------ C:\Windows\ultima_prog2.bin
2007-11-17 20:11:44 30208 --a------ C:\Windows\system32\drivers\isdrvinf.exe
2007-11-17 20:11:40 0 d-------- C:\Program Files\Digital TV
2007-11-17 20:11:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 20:10:41 15744 --a------ C:\Windows\system32\drivers\stickcap.sys <Not Verified; DiBcom SA; DVB-T USB2.0 adapter>
2007-11-17 20:10:40 17024 --a------ C:\Windows\system32\drivers\stickload.sys <Not Verified; DiBcom S.A; DVB-T USB2.0 adapter>
2007-11-17 20:10:27 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-17 16:05:27 0 d-------- C:\Program Files\SimpleDivX
2007-11-16 22:26:51 180224 --a------ C:\Windows\system32\xvidvfw.dll
2007-11-16 22:26:51 765952 --a------ C:\Windows\system32\xvidcore.dll
2007-11-16 22:26:51 0 d-------- C:\Program Files\Xvid
2007-11-16 19:34:41 0 d-------- C:\Program Files\Trend Micro
2007-11-16 19:28:34 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-11-16 18:26:17 0 d-------- C:\Windows\pss
2007-11-16 14:46:53 0 d-------- C:\Program Files\Gabest
2007-11-16 14:41:31 0 d-------- C:\Program Files\MSXML 4.0
2007-11-16 13:14:00 0 d-------- C:\Users\All Users\PC Suite
2007-11-16 11:55:48 0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-16 11:55:45 0 d-------- C:\Program Files\Common Files\Nokia
2007-11-16 11:55:18 0 d-------- C:\Program Files\DIFX
2007-11-16 11:53:37 0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-16 11:51:36 0 d-------- C:\Program Files\Nokia
2007-11-16 11:50:55 0 d-------- C:\Users\All Users\Installations
2007-11-16 10:39:31 0 d-------- C:\Program Files\URUSoft
2007-11-16 10:24:05 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2007-11-16 10:24:05 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2007-11-16 10:24:05 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2007-11-16 10:24:01 0 d-------- C:\Program Files\VSO
2007-11-15 22:56:48 0 d-------- C:\Windows\system32\OEM
2007-11-15 22:56:48 0 d-------- C:\Windows\PANTHER
2007-11-15 22:56:10 459304 --a------ C:\Windows\system32\perfh00B.dat
2007-11-15 22:56:10 83690 --a------ C:\Windows\system32\perfc00B.dat
2007-11-15 22:55:41 0 d-------- C:\Windows\system32\fi
2007-11-15 22:55:41 0 d-------- C:\Windows\system32\drivers\fi-FI
2007-11-15 22:55:41 0 d-------- C:\Windows\fi-FI
2007-11-15 20:47:24 0 d-------- C:\Program Files\Music NFO Builder
2007-11-15 19:32:08 0 d-------- C:\Program Files\Spyware Doctor
2007-11-15 19:28:49 0 d-------- C:\Program Files\Elaborate Bytes
2007-11-15 19:27:05 0 d-------- C:\Program Files\SlySoft
2007-11-15 19:22:13 0 d-------- C:\Program Files\Alcohol Soft
2007-11-15 18:52:47 0 d-------- C:\Program Files\Uniblue
2007-11-15 18:41:29 5120 --a------ C:\Windows\system32\ff_vfw.dll
2007-11-15 18:28:03 0 d-------- C:\Program Files\AC3Filter
2007-11-15 18:25:15 0 d-------- C:\Program Files\ffdshow
2007-11-15 18:04:57 0 d-------- C:\Users\All Users\Nero
2007-11-15 18:04:57 0 d-------- C:\Program Files\Nero
2007-11-15 18:04:57 0 d-------- C:\Program Files\Common Files\Nero
2007-11-15 16:10:17 0 d-------- C:\Windows\system32\Macromed
2007-11-15 15:27:35 0 d-------- C:\Program Files\Microsoft.NET
2007-11-15 15:25:37 0 d-------- C:\Users\All Users\Microsoft Help
2007-11-15 15:14:57 0 d-------- C:\Program Files\DAEMON Tools
2007-11-15 15:04:26 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2007-11-15 15:01:37 0 d-------- C:\Program Files\Musclesoft
2007-11-15 14:23:17 0 d-------- C:\Program Files\uTorrent
2007-11-15 14:04:59 0 d-------- C:\Users\All Users\NVIDIA
2007-11-15 13:51:52 0 d-------- C:\Program Files\Winamp
2007-11-15 13:48:50 0 d-------- C:\Program Files\Alwil Software
2007-11-15 13:39:53 0 d-------- C:\Windows\PCHEALTH
2007-11-15 13:33:55 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-15 13:33:42 0 d-------- C:\Program Files\Windows Live
2007-11-15 13:33:19 0 d--hs---- C:\Windows\Installer
2007-11-15 13:33:16 0 d-------- C:\Users\All Users\WLInstaller
2007-11-15 13:27:37 0 dr------- C:\Users\SpaDe\Searches
2007-11-15 13:27:27 0 dr------- C:\Users\SpaDe\Contacts
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Verkkoympäristö
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Tulostinympäristö
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\SendTo
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Recent
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Omat tiedostot
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Mallit
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Local Settings
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Käynnistä-valikko
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Cookies
2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Application Data
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Videos
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Saved Games
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Pictures
2007-11-15 13:27:22 1835008 --ahs---- C:\Users\SpaDe\NTUSER.DAT
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Music
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Links
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Favorites
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Downloads
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Documents
2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Desktop
2007-11-15 13:27:22 0 d--h----- C:\Users\SpaDe\AppData
2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Verkkoympäristö
2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Tulostinympäristö
2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Omat tiedostot
2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Mallit
2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Käynnistä-valikko
2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Työpöytä
2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Tiedostot
2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Suosikit
2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Mallit
2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Käynnistä-valikko
2007-11-15 13:11:04 0 d--h----- C:\Users\All Users\CanonBJ
2007-11-15 13:02:31 0 d-------- C:\Windows\SoftwareDistribution
2007-11-15 13:00:56 0 d-------- C:\Windows\Debug
2007-11-15 12:58:23 0 d-------- C:\Windows\Prefetch
2007-11-06 10:24:59 0 d-------- C:\GTR2
2007-11-04 17:58:58 0 -rahs---- C:\MSDOS.SYS
2007-11-04 17:58:58 0 -rahs---- C:\IO.SYS
2007-11-02 07:32:08 0 dr-h----- C:\MSOCache
2007-11-01 13:08:21 0 d--h----- C:\BJPrinter
2007-11-01 13:06:25 0 d--h----- C:\CanonMP
2007-11-01 04:23:30 0 d--hs---- C:\Boot
2007-10-31 18:24:18 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2007-11-18 11:47:12 0 d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
2007-11-17 20:10:27 0 d-------- C:\Program Files\Common Files
2007-11-16 13:15:27 0 d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
2007-11-16 13:14:13 0 d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
2007-11-16 13:04:11 0 d-------- C:\Users\SpaDe\AppData\Roaming\Vso
2007-11-16 10:24:37 34 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.log
2007-11-16 10:24:09 7887 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.cat
2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Sidebar
2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Photo Gallery
2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Journal
2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Collaboration
2007-11-15 22:55:42 0 d-------- C:\Program Files\Movie Maker
2007-11-15 19:32:08 0 d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
2007-11-15 19:01:00 0 d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
2007-11-15 18:20:30 0 d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
2007-11-15 18:11:31 0 d-------- C:\Users\SpaDe\AppData\Roaming\Nero
2007-11-15 16:10:18 0 d-------- C:\Users\SpaDe\AppData\Roaming\Macromedia
2007-11-15 15:15:32 0 d-------- C:\Users\SpaDe\AppData\Roaming\WinRAR
2007-11-15 14:03:16 174 --ahs---- C:\Program Files\desktop.ini
2007-11-15 14:00:02 0 d-------- C:\Program Files\Windows Calendar
2007-11-15 14:00:00 0 d-------- C:\Program Files\Windows Mail
2007-11-15 13:59:59 0 d-------- C:\Program Files\Windows Defender
2007-11-15 13:54:38 0 d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
2007-11-15 13:27:28 0 d-------- C:\Users\SpaDe\AppData\Roaming\Identities
2007-11-15 13:22:01 0 d-------- C:\Program Files\Windows NT
2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [15.11.2007 13:52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25.10.2007 18:20]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12.09.2007 05:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12.09.2007 05:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02.11.2006 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [15.11.2007 17:27]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [15.11.2007 17:27]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital TV Stick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital TV Stick.lnk
backup=C:\Windows\pss\Digital TV Stick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7443ab5b-937b-11dc-a88c-001bb9aba856}]
AutoRun\command- O:\Install.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-11-18 11:47:41 ------------



CM 690 II Advanced, i5 2500K, MSI P67A-C43, Scythe Mugen-2 Revision B, XFX Pro550 80+ Bronze, CORSAIR DDR3-1600 2*2G CL9 VENGEANCE, Asus R9 290X DirectCU II, Samsung 830 SSD 128 GB + 4.5 TB, Win 7.
tomato71
Suspended due to non-functional email address
18 November 2007 @ 14:19
It's starting to look clean :D
Are there still any problems?

www.virustorjunta.net
Senior Member
18 November 2007 @ 14:37
Not for a while, thank you very much, really ;)

tomato71
Suspended due to non-functional email address
18 November 2007 @ 15:31
If you have the energy, it would be good to still run the Kaspersky scanner.

Scan your computer with Kaspersky Online Scanner
Use Internet Explorer
You will be asked whether you allow the ActiveX component from Kaspersky to be installed; click Yes.
* The program starts and begins downloading the latest definition files.
* Once the scanner is installed and the definitions are downloaded, click Next.
* Now click the settings, Scan Settings.
* Check in the settings that the following are selected:

  o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

  o Scan Options:

    + Scan Archives
    + Scan Mail Bases

* Click OK.
* Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone).
* The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.

Senior Member
18 November 2007 @ 19:08
Sunday, November 18, 2007 7:01:47 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/11/2007
Kaspersky Anti-Virus database records: 461280


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan Statistics
Total number of scanned objects 94039
Number of viruses found 3
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 01:32:37

Infected Object Name Virus Name Last Action
D:\Utorrent\Lonely_Cat_Games_SmartMovie_Player_3.22.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.apo skipped

D:\Utorrent\Lonely_Cat_Games_SmartMovie_Player_3.22.rar/crack.exe Infected: Trojan.Win32.Dialer.qn skipped

D:\Utorrent\Lonely_Cat_Games_SmartMovie_Player_3.22.rar RAR: infected - 2 skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

G:\Ohjelmat\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso ISO image: infected - 3 skipped

Scan process completed.


CM 690 II Advanced, i5 2500K, MSI P67A-C43, Scythe Mugen-2 Revision B, XFX Pro550 80+ bronze, CORSAIR DDR3-1600 2*2G CL9 VENGEANCE, Asus r9 290x directCU II, Samsung 830 SSD 128Gb + 4.5 TB, Win 7.
tomato71
Suspended due to non-functional email address
18 November 2007 @ 20:10
Almost all cracks and keygens contain viruses ;)
Delete these:
D:\Utorrent\Lonely_Cat_Games_SmartMovie_Player_3.22.rar
G:\Ohjelmat\Nero 8 Ultra Edition

Still having problems???

www.virustorjunta.net
Senior Member
18 November 2007 @ 20:59
No problems, and it's deleted, but not Nero. How dangerous is that Nero junk?

tomato71
Suspended due to non-functional email address
18 November 2007 @ 21:24
The adware program MyWebSearch, nothing dangerous

www.virustorjunta.net
Senior Member
18 November 2007 @ 21:43
OK, let's leave Nero then. Big thanks for your trouble :)
