|
computer completely stuck
|
|
AfterDawn Addict
|
15 January 2008 @ 10:46 |
|
To pesojoh2:
Let's try another place:
Jotti:
Submit the file for analysis: Here
Press the Browse button and select C:\Program Files\PLUSFAX\system\PlusfaxOut.EXE on your computer, then press the Submit button next to it.
When the scan is finished, select the results area with the mouse and copy it into your reply.
PS. Or shall we give the fax the boot ???
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 10:46 |
|
|
um, so how do I shut it down and restart it when there's nothing on the screen except the wallpaper, I can't even get the Start menu to show up??
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 11:27 |
|
|
j.pv
restart the whole computer.
Pull the plug from the wall if nothing less works.
(:)
|
AfterDawn Addict
|
15 January 2008 @ 11:40 |
|
|
j.pv
Combo freezes if you click anything during the run other than firewall permission prompts.
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 11:59 |
|
|
ok, I managed to make hidden files visible, should I run combo again??
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 12:03 |
|
|
j.pv
Run Combo again.
(:)
|
|
pesojoh2
Suspended due to non-functional email address
|
15 January 2008 @ 12:14 |
|
|
I don't think this is going to work out.
Let's throw the whole fax out...
-Jopi-
|
AfterDawn Addict
|
15 January 2008 @ 12:25 |
|
|
pesojoh2
That Skype fax component is out there in the world (unwanted).
There are other brands of those too.
-----------------------------------------------------
Go to the Windows Control Panel and from there Add/Remove Programs
In Vista: Programs and Features
Find and remove the program whose name contains:
PLUSFAX
(:)
|
|
pesojoh2
Suspended due to non-functional email address
|
15 January 2008 @ 12:40 |
|
|
plusfax is gone.
What next?
-Jopi-
|
AfterDawn Addict
|
15 January 2008 @ 13:00 |
|
|
pesojoh2
I dunno ????
The viruses are gone and the protections are on.
I wish you a "clean" time from here on.
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 13:27 |
|
okay, here are the reports
ComboFix 08-01-15.1 - Jani Vartia 2008-01-16 12:47:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.598 [GMT 2:00]
Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ilojtgrk.dll
C:\WINDOWS\system32\ncxstnbf.ini
C:\WINDOWS\system32\owysmihu.dll
C:\WINDOWS\system32\pbicrnou.ini
C:\WINDOWS\system32\qfuhfbdj.dll
C:\WINDOWS\system32\rqrqpop.dll
C:\WINDOWS\system32\uonrcibp.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vbqlvglf.ini
C:\WINDOWS\system32\vtutu.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2007-12-16 to 2008-01-16 )))))))))))))))))
.
2008-01-14 22:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 22:15 . 2008-01-14 22:15 <KANSIO> d-------- C:\VundoFix Backups
2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-01-13 16:30 . 2008-01-13 16:30 342,016 --a------ C:\WINDOWS\system32\vtutu.2xe
2008-01-12 16:12 . 2008-01-12 16:12 3,584 --------- C:\WINDOWS\system32\vtutu.1xe
2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
2008-01-12 13:22 . 2008-01-12 13:22 86,114,528 --a------ C:\TSF_7.00_387_02S.EXE
2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-01-12 08:34 . 2008-01-12 08:34 76,864 --a------ C:\WINDOWS\system32\aaufjmeh.dll
2008-01-12 08:31 . 2008-01-12 08:31 163,904 --a------ C:\WINDOWS\system32\fnfpiaaa.dll
2008-01-11 10:20 . 2008-01-11 10:20 342,016 --------- C:\WINDOWS\system32\RCXD.0mp
2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-09 17:26 . 2008-01-16 12:44 342,016 --a------ C:\WINDOWS\system32\vtutu.0xe
2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 18:27 --------- d-----w C:\Program Files\UnibetpokerMPP
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
2008-01-02 22:56 --------- d-----w C:\Program Files\Java
2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
.
<pre>
----a-w 185,896 2008-01-07 13:11:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 132,496 2008-01-07 13:11:34 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-07 13:11:49 C:\Program Files\Messenger\msmsgs .exe
----a-w 183,208 2008-01-12 12:45:56 C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
----a-w 740,208 2008-01-12 12:46:03 C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
----a-w 15,360 2008-01-16 10:45:22 C:\WINDOWS\system32\ctfmon .exe
</pre>
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtutu
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-01-16 00:12:50 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 13:07:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 13:11:08 - machine was rebooted [Jani Vartia]
ComboFix-quarantined-files.txt 2008-01-16 11:10:57
.
2008-01-15 23:18:50 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:16, on 16.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1157102305475
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 5413 bytes
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.11
Scan started at 22:15:12 14.1.2008
Listing files found while scanning....
C:\windows\system32\qpwdener.dll
C:\windows\system32\qpwdener.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\qpwdener.dll
C:\windows\system32\qpwdener.dll Has been deleted!
Attempting to delete C:\windows\system32\qpwdener.dllbox
C:\windows\system32\qpwdener.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
j.pv
|
|
pesojoh2
Suspended due to non-functional email address
|
15 January 2008 @ 13:53 |
|
|
Hi,
OK, good job!!!
MANY THANKS ONCE AGAIN!!
This at least made me realize how little one understands about computers.
-Jopi-
|
AfterDawn Addict
|
15 January 2008 @ 14:46 |
|
j.pv
Phew!!!! (that was a lot of junk) Nicely done
-----------------------------------------
To be safe, turn on the Windows firewall from Control Panel => Security Center.
-------------------------------------------------
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
File::
C:\WINDOWS\system32\vtutu.2xe
C:\WINDOWS\system32\vtutu.1xe
C:\TSF_7.00_387_02S.EXE
C:\WINDOWS\system32\aaufjmeh.dll
C:\WINDOWS\system32\fnfpiaaa.dll
C:\WINDOWS\system32\RCXD.0mp
C:\WINDOWS\system32\vtutu.0xe
C:\WINDOWS\system32\midiihuh.exe
Folder::
C:\SDFix
Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not even .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

Restart the computer if asked to, and post the contents of the combofix.txt file here.
F-Secure seems to be infected ???
Do those while I check the matter with people wiser than me!!!!
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 15:02 |
|
|
I can't find that quotebox, could it be that qoobox????
at least with F-Secure I can't manually scan anything
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 15:12 |
|
|
It is the text inside the quote.
File::
C:\WINDOWS\system32\vtutu.2xe
C:\WINDOWS\system32\vtutu.1xe
C:\TSF_7.00_387_02S.EXE
C:\WINDOWS\system32\aaufjmeh.dll
C:\WINDOWS\system32\fnfpiaaa.dll
C:\WINDOWS\system32\RCXD.0mp
C:\WINDOWS\system32\vtutu.0xe
C:\WINDOWS\system32\midiihuh.exe
Folder::
C:\SDFix
Yes, F-Secure is infected.
A bug that has been around in Finland for a couple of weeks.
Don't surf much with only the firewall.
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 15:23 |
|
|
so Combo gets run again? when I did that, Combo started running??
sorry, I'm completely lost with these
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 15:47 |
|
No problem, these are new features in Combo. (I had to ask too, HI)
Open Notepad and copy/paste the contents of the quote below into it:
Quote:
RenV::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
C:\WINDOWS\system32\ctfmon .exe
Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not even .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

PS.
Drag and drop CFScript onto ComboFix.exe. (Do not click)
Combo then starts by itself.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
As well as the log from the previous drag-and-drop
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 15:55 |
|
okay
ComboFix 08-01-15.1 - Jani Vartia 2008-01-16 15:39:29.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.571 [GMT 2:00]
Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2007-12-16 to 2008-01-16 )))))))))))))))))
.
2008-01-16 13:11 . <KANSIO> C:\Documents and Settings\Jõrjestelmõnvalvoja\Local Settings
2008-01-16 13:11 . <KANSIO> C:\Documents and Settings\Jõrjestelmõnvalvoja\Local Settings
2008-01-14 22:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 22:15 . 2008-01-14 22:15 <KANSIO> d-------- C:\VundoFix Backups
2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-01-13 16:30 . 2008-01-13 16:30 342,016 --a------ C:\WINDOWS\system32\vtutu.2xe
2008-01-12 16:12 . 2008-01-12 16:12 3,584 --------- C:\WINDOWS\system32\vtutu.1xe
2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
2008-01-12 13:22 . 2008-01-12 13:22 86,114,528 --a------ C:\TSF_7.00_387_02S.EXE
2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-01-12 08:34 . 2008-01-12 08:34 76,864 --a------ C:\WINDOWS\system32\aaufjmeh.dll
2008-01-12 08:31 . 2008-01-12 08:31 163,904 --a------ C:\WINDOWS\system32\fnfpiaaa.dll
2008-01-11 10:20 . 2008-01-11 10:20 342,016 --------- C:\WINDOWS\system32\RCXD.0mp
2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-09 17:26 . 2008-01-16 12:44 342,016 --a------ C:\WINDOWS\system32\vtutu.0xe
2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 18:27 --------- d-----w C:\Program Files\UnibetpokerMPP
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
2008-01-02 22:56 --------- d-----w C:\Program Files\Java
2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
.
<pre>
----a-w 185,896 2008-01-07 13:11:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 132,496 2008-01-07 13:11:34 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-07 13:11:49 C:\Program Files\Messenger\msmsgs .exe
----a-w 183,208 2008-01-12 12:45:56 C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
----a-w 740,208 2008-01-12 12:46:03 C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
----a-w 15,360 2008-01-16 10:45:22 C:\WINDOWS\system32\ctfmon .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-16_13.10.12.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-16 11:08:49 5,032 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{54A40E4C-6BC6-426A-AB9C-9085F0153B5B}.bin
+ 2008-01-16 13:43:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-01-16 00:12:50 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 15:44:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 15:47:17 - machine was rebooted [Jani Vartia]
ComboFix-quarantined-files.txt 2008-01-16 13:47:12
ComboFix2.txt 2008-01-16 11:11:09
.
2008-01-15 23:18:50 --- E O F ---
so did you mean this
File::
C:\WINDOWS\system32\vtutu.2xe
C:\WINDOWS\system32\vtutu.1xe
C:\TSF_7.00_387_02S.EXE
C:\WINDOWS\system32\aaufjmeh.dll
C:\WINDOWS\system32\fnfpiaaa.dll
C:\WINDOWS\system32\RCXD.0mp
C:\WINDOWS\system32\vtutu.0xe
C:\WINDOWS\system32\midiihuh.exe
Folder::
C:\SDFix
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 16:00 |
|
|
That's what I meant, but the drag failed.
You just leave it there on top of the exe, you don't click!!!
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 18:35 |
|
|
that Combo has disappeared from the computer??
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 18:40 |
|
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
(:)
|
|
j.pv
Suspended due to non-functional email address
|
15 January 2008 @ 19:34 |
|
ok here's the new log
ComboFix 08-01-15.4 - Jani Vartia 2008-01-16 19:20:10.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.578 [GMT 2:00]
Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-16 to 2008-01-16 )))))))))))))))))
.
2008-01-16 19:20 . 2008-01-16 19:20 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-01-16 18:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 22:15 . 2008-01-14 22:15 <KANSIO> d-------- C:\VundoFix Backups
2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-01-13 16:30 . 2008-01-13 16:30 342,016 --------- C:\WINDOWS\system32\vtutu.2xe
2008-01-12 16:12 . 2008-01-12 16:12 3,584 --------- C:\WINDOWS\system32\vtutu.1xe
2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
2008-01-12 13:22 . 2008-01-12 13:22 86,114,528 --a------ C:\TSF_7.00_387_02S.EXE
2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-01-12 08:34 . 2008-01-12 08:34 76,864 --a------ C:\WINDOWS\system32\aaufjmeh.dll
2008-01-12 08:31 . 2008-01-12 08:31 163,904 --a------ C:\WINDOWS\system32\fnfpiaaa.dll
2008-01-11 10:20 . 2008-01-11 10:20 342,016 --------- C:\WINDOWS\system32\RCXD.0mp
2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-09 17:26 . 2008-01-16 12:44 342,016 --------- C:\WINDOWS\system32\vtutu.0xe
2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 18:27 --------- d-----w C:\Program Files\UnibetpokerMPP
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
2008-01-02 22:56 --------- d-----w C:\Program Files\Java
2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
2007-11-25 21:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-18 09:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
<pre>
----a-w 185,896 2008-01-07 13:11:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 132,496 2008-01-07 13:11:34 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-07 13:11:49 C:\Program Files\Messenger\msmsgs .exe
----a-w 183,208 2008-01-12 12:45:56 C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
----a-w 740,208 2008-01-12 12:46:03 C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
----a-w 15,360 2008-01-16 10:45:22 C:\WINDOWS\system32\ctfmon .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-16_13.10.12.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 20:51:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 16:50:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 20:51:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 16:50:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 20:51:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 16:50:43 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 20:51:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 16:50:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 20:51:13 4,661,248 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 16:50:44 5,734,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 20:51:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 16:50:44 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 17:18:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_98.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 13:15:46]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-01-16 15:41:50 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 19:26:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-16 19:28:45
ComboFix-quarantined-files.txt 2008-01-16 17:28:32
ComboFix2.txt 2008-01-16 13:47:17
ComboFix3.txt 2008-01-16 11:11:09
.
2008-01-15 23:18:50 --- E O F ---
j.pv
|
AfterDawn Addict
|
15 January 2008 @ 19:50 |
|
We really do have to get those two drag-and-drops done.
Otherwise the bugs won't go away. (ask if anything is unclear)
No problem, these are new features in Combo. (I had to ask too, HI)
Open Notepad and copy/paste the contents of the quote below into it:
Quote:
RenV::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
C:\WINDOWS\system32\ctfmon .exe
Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not even .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

PS.
Drag and drop CFScript onto ComboFix.exe. (Do not click)
Combo then starts by itself.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
As well as the log from the previous drag-and-drop
(:)
|
|
j.pv
Suspended due to non-functional email address
|
16 January 2008 @ 07:55 |
|
|
Good morning. Yeah, I did that previous drag-and-drop but Combo got stuck again at "preparing the report" and hasn't budged since??? I didn't press anything during the run??
j.pv
|
|
|
|
j.pv
Suspended due to non-functional email address
|
16 January 2008 @ 09:33 |
|
|
it just won't give the report, it always gets stuck there
j.pv
|