AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
tiistai 11.11.2025 / 20:32
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > se tuttu msn viirus...
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
se tuttu msn viirus...
  Siirry:
 
Kirjoittaja Viesti
eohopea
Member

1 tuotearvio
_ 		28. marraskuuta 2007 @ 21:12 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Elikkä tarina on varmaan tuttu...

C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Jos nyt joku kerkeisi auttamaan olisin kiitollinen :)
[ + lainaa]
tomato71
Suspended due to non-functional email address
_ 		28. marraskuuta 2007 @ 21:15 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
moi
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
*Käynnistä tietokone
*Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
*Seuraavaksi pitäisi ilmestyä valikko
*Valitse valikosta vikasietotila.

* Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio). Työpöydälle ilmestyy sdfix.exe. Tuplakilikkaa sitä, niin tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM c:\SDFix
* Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
* Paina Y käynnistääksesi skriptin.
* Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
* Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
* Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
* Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
* Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
* Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.



[ + lainaa]
www.virustorjunta.net
eohopea
Member

1 tuotearvio
_ 		28. marraskuuta 2007 @ 21:50 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
tässä HijackThis loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:12, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Ja SDFix:in

SDFix: Version 1.116

Run by Otto on ke 28.11.2007 at 21:31

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\Otto\LOCALS~1\Temp\eraseme_65646.exe - Deleted
C:\WINDOWS\system32\NTSpool.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 21:36:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:06,0b,29,98,5f,07,40,9f,5f,81,02,b9,60,ff,e0,94,7c,73,98,aa,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,93,c9,93,34,14,8e,5d,a3,a2,5b,a4,b1,96,72,0a,91,..
"khjeh"=hex:bf,4d,0f,bd,f2,4d,a1,73,38,7f,9b,82,66,15,b0,22,cd,5a,e5,3e,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,b2,47,f2,df,ea,53,8d,64,ac,90,96,73,cf,a3,5d,3f,4e,1b,3a,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:06,0b,29,98,5f,07,40,9f,5f,81,02,b9,60,ff,e0,94,7c,73,98,aa,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,93,c9,93,34,14,8e,5d,a3,a2,5b,a4,b1,96,72,0a,91,..
"khjeh"=hex:bf,4d,0f,bd,f2,4d,a1,73,38,7f,9b,82,66,15,b0,22,cd,5a,e5,3e,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,b2,47,f2,df,ea,53,8d,64,ac,90,96,73,cf,a3,5d,3f,4e,1b,3a,47,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\anttilehtonen_997@hotmail.com\DFSR\Staging\CS{9A8EA1E4-CB47-5234-B07E-361CC2357493}\01\11-{9A8EA1E4-CB47-5234-B07E-361CC2357493}-v1-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\01\13-{B7EB8A12-C87A-8559-B52C-5810E5A2A741}-v1-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\14\14-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v14-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\19\19-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v19-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10218 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\19\19-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v19-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1112 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\20\20-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v20-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9408 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\20\20-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v20-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\21\21-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v21-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8886 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\21\21-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v21-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1000 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\22\22-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v22-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12594 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\22\22-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v22-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1368 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\23\23-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v23-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9930 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\23\23-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v23-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\24\24-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v24-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10506 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\24\24-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v24-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1192 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\25\25-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v25-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11370 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\25\25-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v25-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1288 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\26\26-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v26-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8526 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\26\26-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v26-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\27\27-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v27-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8328 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\27\27-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v27-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 936 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\28\28-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v28-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8454 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\28\28-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v28-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\29\29-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v29-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8688 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\29\29-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v29-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 968 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\30\30-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v30-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12162 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\30\30-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v30-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1328 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\31\31-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v31-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10596 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\31\31-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v31-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\32\32-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v32-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8850 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\32\32-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v32-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 976 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\33\33-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v33-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10578 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\33\33-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v33-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1184 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\34\34-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v34-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13944 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\34\34-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v34-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1528 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\35\35-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v35-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10488 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\35\35-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v35-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1128 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\36\36-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v36-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12306 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\36\36-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v36-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1352 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\37\37-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v37-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10128 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\elementsi@hotmail.com\DFSR\Staging\CS{B7EB8A12-C87A-8559-B52C-5810E5A2A741}\37\37-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v37-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\01\10-{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}-v1-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\64\64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 24582 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\64\64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1740 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\64\64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3352 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\65\67-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v65-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 122160 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\miksu_c@hotmail.com\DFSR\Staging\CS{84627130-3E5B-7CF2-0AF3-1DE4F5414AF1}\65\67-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v65-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 13704 bytes hidden from API
C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Messenger\S_tube@hotmail.com\SharingMetadata\rami___91@hotmail.com\DFSR\Staging\CS{F10D475E-8E0C-2DD6-D8D4-625A5CBFC876}\01\12-{F10D475E-8E0C-2DD6-D8D4-625A5CBFC876}-v1-{074B91DE-E4FC-46C6-8906-1B305EDC9966}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 48


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\Defcon\\defcon.exe"="C:\\Program Files\\Defcon\\defcon.exe:*:Enabled:Defcon"
"C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.093\\CounterStrike2D.exe"="C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.093\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.281\\CounterStrike2D.exe"="C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.281\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.515\\CounterStrike2D.exe"="C:\\Documents and Settings\\Otto\\Local Settings\\Temp\\Rar$EX00.515\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Steam\\SteamApps\\maanikko\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\maanikko\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BIT4.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6669d04be19822840dc12f3a3a5047fc\BIT4.tmp"
Wed 28 Nov 2007 5,998 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp"

Finished!


Toivottavasti ymmärsin oikein...
[ + lainaa]
tomato71
Suspended due to non-functional email address
_ 		28. marraskuuta 2007 @ 22:27 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
kyllä meni oikein

sitten...

Tee uusi hjt-scannaus Do a System scan only
Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

ja loppu tarkistus

Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.[list]
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.+uusi hjt-loki
[ + lainaa]
www.virustorjunta.net
eohopea
Member

1 tuotearvio
_ 		29. marraskuuta 2007 @ 15:48 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Tässä tämä kaspersky onlinen raportti

Scan Statistics
Total number of scanned objects 70068
Number of viruses found 4
Number of infected objects 17
Number of suspicious objects 0
Duration of the scan process 01:15:51

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Otto\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\History\History.IE5\MSHist012007112920071130\index.dat Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\Temporary Internet Files\Content.IE5\83HRQU3T\M3FXZI10P[1].flv Object is locked skipped

C:\Documents and Settings\Otto\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Otto\ntuser.dat Object is locked skipped

C:\Documents and Settings\Otto\ntuser.dat.LOG Object is locked skipped

C:\SDFix\backups\backups.zip/backups/eraseme_65646.exe Infected: Backdoor.Win32.Agent.cvs skipped

C:\SDFix\backups\backups.zip/backups/NTSpool.exe Infected: Trojan.Win32.Agent.cxg skipped

C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP124\A0010524.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP124\A0010524.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP124\A0010524.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP124\A0010524.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP124\A0010524.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP138\A0013604.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP143\A0014850.exe Infected: Trojan.Win32.Agent.cxg skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP143\A0015163.exe Infected: Trojan.Win32.Agent.cxg skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP144\A0015174.exe Infected: Backdoor.Win32.Agent.cvs skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP145\A0016018.exe Infected: Backdoor.Win32.Agent.cvs skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP145\A0016040.exe Infected: Trojan.Win32.Agent.cxg skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP145\A0016044.exe Infected: Backdoor.Win32.Agent.cvs skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP145\A0016045.exe Infected: Trojan.Win32.Agent.cxg skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP145\change.log Object is locked skipped

C:\System Volume Information\_restore{7696C833-A39A-4FD8-B234-651A12582C83}\RP95\A0005742.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2DCACDF3-8F44-4E90-9EC3-F091FC5FF0C9}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

ja uudet lokit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:22, on 29.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/593135
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5271 bytes

Skannauksen jälkeen normanilta tuli ilmoitus Troijalaisesta mitä ei pystytty poistamaan.
[ + lainaa]
eohopea
Member

1 tuotearvio
_ 		29. marraskuuta 2007 @ 21:26 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Asialla olisi pieni hoppu vai uskaltaako tätä konetta antaa tietokoneista mitään tietämättömille vanhenmmille käytettäväksi.
[ + lainaa]
tomato71
Suspended due to non-functional email address
_ 		29. marraskuuta 2007 @ 22:54 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
alkaa olla puhdas

poista kansio
C:\SDFix

Putsaa järjestelmän palautus:
1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
2. Valitse Properties/ominaisuudet
3. Valitse System Restore/järjestelmän palauttaminen välilehti
4. Valitse "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Apply/käytä
6. Paina OK
7. Käynnistä kone uudelleen
8. Palauta asetukset takaisin

ja sitten...

Koneellasi oli backdoor-infektio, kannattaa vaihtaa kaikkien tunnustesi salasanat.

vielä ongelmia???
[ + lainaa]
www.virustorjunta.net
eohopea
Member

1 tuotearvio
_ 		30. marraskuuta 2007 @ 15:49 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Eipä tässä enää varmaan mitään jos kerta puhdas on, mutta jäi vain tuo normanin troijalaisvaroitus mieleen että onko sekin tässä samalla jo poistettu vai pitääkö minun vielä tehdä jotain?
[ + lainaa]
Mainos
_ 		__
 
_
tomato71
Suspended due to non-functional email address
_ 		30. marraskuuta 2007 @ 19:38 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
moi
kasperskyn mukaan kone on OK
mitä normanni löysi ja mistä??
tiedot varmaan läytyy karanteenis
[ + lainaa]
www.virustorjunta.net
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > se tuttu msn viirus...
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy