Pop-ups after reinstalling Windows.
Wiljami
Junior Member
29 January 2008 @ 15:24
So I just reinstalled Windows and the machine immediately picked up some bug from somewhere. I installed all the Windows updates.
Pop-ups keep appearing and the machine has maybe slowed down a bit, e.g. when opening folders etc. F-Secure hasn't found anything, and neither has TrojanHunter (well, it did find something and removed it, but the problem didn't go away).

I'd appreciate some help.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:18:15, on 29.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Wiljami\Työpöytä\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1201455271263
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201456745859
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 7020 bytes

Hello World!
TuukkaZ
Account closed as per user's own request
30 January 2008 @ 08:50
I can give one piece of advice. Update HJT to the latest version, because the one you are using is a beta version.

(!)IRC user and proud of it(!)
Rules: http://keskustelu.afterdawn.com/thread_view.cfm/2717
Wiljami
Junior Member
30 January 2008 @ 12:17
Well, look at that!
Anyway, here is a new one. I don't think there is anything in it, but pop-ups still keep coming. It opens them only in IE even when Firefox is in use.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:30, on 30.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1201455271263
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201456745859
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 5982 bytes


Hello World!
Hujo
Suspended permanently
30 January 2008 @ 14:56
Download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will announce that it is restarting your computer; click OK.
Post the contents of the C:\vundofix.txt log as well as a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove.
In this situation, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.

====

Escan
Instructions are on that page.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
download from there
http://www.spywareinfo.dk/download/mwav.exe
update from there
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
tick the boxes as marked
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scan

if anything shows up in the lower pane, copy it like this:
Use Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.

Post the virus log here.

=======
Rename to scanner

C:\Program Files\Trend Micro\HijackThis\ ==>HijackThis.exe <==

Can a computer ever work?

The message has been edited after posting. Last edited 30 January 2008 @ 14:57

Wiljami
Junior Member
30 January 2008 @ 18:18
VundoFix showed clean, and eScan came up with this:

File C:\Documents and Settings\Wiljami\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:40, on 30.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1201455271263
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201456745859
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 6581 bytes


Hello World!
Hujo
Suspended permanently
30 January 2008 @ 18:22
You can fix this one:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Can a computer ever work?
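
Added example, not part of the thread or of HijackThis itself: a small Python triage script for the logs posted above. It parses two scans, lists what changed between them, and flags O4 Run entries (such as the Alcmtr one) whose program is given without a directory, so the log alone does not show which file will run. The function names and the shortened sample logs (lines excerpted from the 12:15 and 18:17 scans of 30.1.2008) are assumptions made for the example.

```python
import re

# Constructed samples: a few lines excerpted from the two 30.1.2008 logs above.
SCAN_EARLIER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:30, on 30.1.2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

SCAN_LATER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:40, on 30.1.2008

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # R0, O4, O23, ...
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Either a quoted path, or everything up to the first executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I
)


def parse_hjt(text):
    """Split a HijackThis log into save time, process list and coded entries."""
    scan = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            scan["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            scan["processes"].append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                scan["entries"].append((m.group(1), m.group(2)))
    return scan


def run_image(cmd):
    """Return the program part of a Run command line, without its arguments."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def bare_name_run_entries(scan):
    """O4 Run entries whose program has no directory part (resolved via search path)."""
    flagged = []
    for code, body in scan["entries"]:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and "\\" not in run_image(m.group("cmd")):
            flagged.append((m.group("name"), run_image(m.group("cmd"))))
    return flagged


def diff_scans(old, new):
    """Entries and processes that appeared or disappeared (case-insensitive)."""
    def delta(a, b):
        seen = {x.lower() for x in a}
        return sorted({x for x in b if x.lower() not in seen}, key=str.lower)

    old_e = [f"{c} - {b}" for c, b in old["entries"]]
    new_e = [f"{c} - {b}" for c, b in new["entries"]]
    return {
        "entries_added": delta(old_e, new_e),
        "entries_removed": delta(new_e, old_e),
        "processes_added": delta(old["processes"], new["processes"]),
        "processes_removed": delta(new["processes"], old["processes"]),
    }


if __name__ == "__main__":
    earlier, later = parse_hjt(SCAN_EARLIER), parse_hjt(SCAN_LATER)
    for kind, items in diff_scans(earlier, later).items():
        for item in items:
            print(f"{kind}: {item}")
    for name, image in bare_name_run_entries(later):
        print(f"no directory in Run entry [{name}]: {image}")
```
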
Wiljami
Junior Member
2 February 2008 @ 22:27
Yep, I removed that, but I think it's just one of those sound chip things? Pop-ups are still coming! Help!

Hello World!
AfterDawn Addict

2 February 2008 @ 22:48
If Windows has just been installed, how about installing it again. This time you could install it properly. That is, no network connections before SP2, antivirus and a firewall are installed. XP is such a crap magnet that you don't even need to do anything with it and an infection can arrive within 5 minutes.

Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime.
tomato71
Suspended due to non-functional email address
2 February 2008 @ 23:19
hi
it's probably this that's acting up :D

- Click Start
- Run
- Type services.msc and press Enter
- A window opens; scroll to the following service: Viestinvälitys (Messenger)
- Right-click it and choose Stop
- Then click Properties
- Select Startup type: Disabled
- Click Apply and OK
- Close the window

www.virustorjunta.net
Wiljami
Junior Member
3 February 2008 @ 13:43
I followed Tomato's instructions but couldn't find the "Viestinvälitys" (Messenger) entry anywhere.

Hello World!
tomato71
Suspended due to non-functional email address
3 February 2008 @ 14:37
Is it Finnish XP?? Or what language is it?
It's between WIA and Windows Audio.
Here is a picture:
http://aloittelija.net/windows-xp/palvelut/

www.virustorjunta.net
Wiljami
Junior Member
5 February 2008 @ 19:32
It's Finnish XP, and fully legal etc.
Here is a picture! There's no such thing there.



Hello World!
tomato71
Suspended due to non-functional email address
5 February 2008 @ 22:29
well, huh :D strange...
Are the pop-ups still bothering you? If so, what do they say??

www.virustorjunta.net
Wiljami
Junior Member
7 February 2008 @ 12:52
Yes, they still are. Pop-ups open at random to addresses like these:

http://d2.zedo.com/jsc/d4/ff2.html?n=760;c=90/18;s=4;d=15;w=1;h=1
http://fi.partypoker.com
http://hopelessromantic.com/pop_install.php


Hello World!
tomato71
Suspended due to non-functional email address
7 February 2008 @ 18:36
I see.... I should have looked at that log a bit more carefully :D

Rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to, say, wiljami.exe :s

1. Download combofix.exe to your desktop from any of the links below:
Link 1
Link 2
Link 3

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread + a new HJT log.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

www.virustorjunta.net
Wiljami
Junior Member
8 February 2008 @ 12:17
HJT log (I did rename it to "Wiljami" but it doesn't show ?!?):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:16, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Wiljami.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1201455271263
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201456745859
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 7349 bytes



ComboFix log:

ComboFix 08-02.05.3 - Wiljami 2008-02-08 10:48:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 2:00]
Running from: C:\Documents and Settings\Wiljami\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui

.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-01-08 to 2008-02-08 )))))))))))))))))
.

2008-02-05 20:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-03 14:31 . 2008-02-07 13:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 14:31 . 2008-02-03 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 23:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 23:14 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-02 23:12 . 2008-02-02 23:24 <KANSIO> d-------- C:\Program Files\Java
2008-02-02 23:12 . 2008-02-02 23:12 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-02-02 22:41 . 2008-02-02 23:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-02 22:39 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Autodesk
2008-01-31 19:05 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-01-31 19:04 . 2008-01-31 19:06 <KANSIO> d-------- C:\Program Files\Magic Video Converter
2008-01-31 19:04 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-31 19:04 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-31 17:15 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-01-31 17:12 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 15:54 . 2008-01-31 15:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-30 18:09 . 2008-01-30 18:09 0 --a------ C:\23990098.$$$
2008-01-30 16:05 . 2008-01-30 16:58 <KANSIO> d-------- C:\Downloads
2008-01-30 16:04 . 2008-01-30 16:58 <KANSIO> d-------- C:\Kaspersky
2008-01-30 15:55 . 2008-01-30 15:55 <KANSIO> d-------- C:\VundoFix Backups
2008-01-30 14:52 . 2008-01-30 14:52 <KANSIO> d-------- C:\Program Files\CCleaner
2008-01-30 14:42 . 2008-01-30 14:42 2,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-30 14:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-30 14:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-30 14:41 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-30 14:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-30 14:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-30 14:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 14:34 . 2008-01-30 14:34 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 14:28 . 2008-01-30 14:29 <KANSIO> d-------- C:\Program Files\Absolute Sound Recorder
2008-01-30 14:28 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-30 14:13 . 2008-01-30 14:13 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-01-30 14:13 . 2008-01-30 18:31 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Audacity
2008-01-30 12:18 . 2008-01-30 14:22 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-30 12:14 . 2008-01-30 12:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-01-29 18:53 . 2008-02-08 10:53 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\WTablet
2008-01-29 18:53 . 2007-09-07 11:31 3,499,304 --a------ C:\WINDOWS\system32\WacomTablet.cpl
2008-01-29 18:53 . 2007-09-05 14:30 1,910,035 --a------ C:\WINDOWS\system32\WacomTablet.znc
2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\WINDOWS\system32\WTablet
2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\Program Files\Tablet
2008-01-29 18:52 . 2007-09-07 11:40 1,373,480 --a------ C:\WINDOWS\system32\Wacom_Tablet.exe
2008-01-29 18:52 . 2007-09-07 11:20 181,544 --a------ C:\WINDOWS\system32\Wintab32.dll
2008-01-29 18:52 . 2007-09-07 11:33 128,296 --a------ C:\WINDOWS\system32\Wacom_Tablet.dll
2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-29 18:52 . 2007-02-16 10:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-29 18:52 . 2007-02-15 16:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-29 18:52 . 2007-02-16 11:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-29 15:51 . 2008-01-29 15:51 <KANSIO> d-------- C:\Program Files\DivX
2008-01-29 13:44 . 2008-01-29 13:44 <KANSIO> d-------- C:\WINDOWS\system32\xlive
2008-01-29 13:04 . 2008-01-29 13:09 <KANSIO> d-------- C:\Program Files\RegCure
2008-01-29 13:04 . 2008-01-29 13:04 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\TrojanHunter
2008-01-29 12:51 . 2008-01-29 12:51 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Simply Super Software
2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-29 12:48 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-29 12:48 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-29 12:48 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-29 12:48 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-29 12:48 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-28 13:56 . 2008-01-28 13:56 <KANSIO> d-------- C:\Program Files\WinSCP
2008-01-28 13:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 13:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 13:39 . 2008-01-28 13:39 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
2008-01-28 13:26 . 2008-01-28 13:26 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\F-Secure
2008-01-28 13:24 . 2008-01-28 13:30 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-28 13:24 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-28 13:24 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-28 13:21 . 2008-01-29 13:14 <KANSIO> d-------- C:\Program Files\SpywareBlaster
2008-01-28 13:21 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-28 13:21 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-28 13:21 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-28 13:07 . 2008-01-28 13:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-28 13:07 . 2008-01-28 13:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-28 13:06 . 2008-01-28 13:06 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-28 13:06 . 2008-01-28 13:06 86,144 --a------ C:\WINDOWS\system32\drivers\amdagpp.sys
2008-01-27 23:37 . 2008-01-27 23:37 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Microsoft Games
2008-01-27 23:27 . 2008-01-27 23:27 <KANSIO> d-------- C:\Program Files\uTorrent
2008-01-27 23:27 . 2008-02-02 23:39 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
2008-01-27 22:46 . 2008-01-27 22:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-27 22:45 . 2008-01-31 17:13 <KANSIO> d-------- C:\Program Files\QuickTime
2008-01-27 22:45 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-27 22:45 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-27 22:19 . 2008-01-27 22:19 <KANSIO> d-------- C:\Program Files\Bonjour
2008-01-27 22:13 . 2008-01-27 22:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-27 21:41 . 2008-01-27 21:44 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Contacts
2008-01-27 21:35 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-27 21:33 . 2008-01-27 21:33 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-27 21:27 . 2008-01-27 21:33 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-27 21:27 . 2008-01-27 21:32 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-27 21:26 . 2008-01-27 21:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-27 21:08 . 2008-01-27 21:08 <KANSIO> d-------- C:\Documents and Settings\LocalService\K?ynnist?-valikko

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 10:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-27 18:19 --------- d-----w C:\Documents and Settings\Wiljami\Application Data\Talkback
2008-01-27 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 17:53 --------- d-----w C:\Program Files\Logitech
2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 17:42 --------- d-----w C:\Program Files\Realtek
2008-01-27 17:11 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-04 23:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-04 23:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-04 23:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-04 23:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-04 23:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-04 23:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-04 23:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-04 23:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-04 23:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-04 23:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-04 23:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-04 23:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-04 23:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-04 23:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-04 23:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-04 23:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-04 23:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-04 23:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-04 23:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-04 23:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-04 23:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-04 23:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-04 23:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-04 23:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-04 23:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-04 23:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-04 23:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-04 23:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-04 23:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-04 23:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-04 23:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-04 23:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-04 23:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-04 23:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-04 23:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-12-04 23:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-04 23:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-04 23:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-04 23:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 amdagpp;amdagpp;C:\WINDOWS\system32\drivers\amdagpp.sys [2008-01-28 13:06]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

*Newly Created Service* - HTTPFILTER
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-01-31 15:12:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 08:53:43 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-29 11:13:02 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 10:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2008-02-08 10:56:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 08:56:00
.
2008-01-27 17:46:58 --- E O F ---



Hello World!
tomato71
Suspended due to non-functional email address
8 February 2008 @ 18:53
Open Notepad and copy/paste the contents of the quote box into it:

Quote:

File::
C:\23990098.$$$

Driver::
C:\WINDOWS\system32\drivers\core.cache.dsk

Save it as CFScript (in fact, ComboFix recognizes it even if the file extension isn't .txt).

Then drag CFScript onto ComboFix.exe as shown below.




Restart the computer if prompted, and post the contents of the combofix.txt file here.

www.virustorjunta.net

This message has been edited since it was posted. Last edited 8 February 2008 @ 19:26

Wiljami
Junior Member
8 February 2008 @ 20:00
When I do that, I get this?



Hello World!
tomato71
Suspended due to non-functional email address
8 February 2008 @ 20:05
Do the previous step in Safe Mode.

www.virustorjunta.net
Wiljami
Junior Member
9 February 2008 @ 18:56
Now it feels like the pop-ups are gone :P

But here is the log anyway:

ComboFix 08-02.05.3 - Järjestelmänvalvoja 2008-02-09 18:49:31.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1789 [GMT 2:00]
Running from: C:\Documents and Settings\Wiljami\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wiljami\Työpöytä\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\23990098.$$$
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23990098.$$$
C:\WINDOWS\system32\drivers\amdagpp.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_AMDAGPP
-------\amdagpp


((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-01-09 to 2008-02-09 )))))))))))))))))
.

2008-02-08 23:40 . 2008-02-08 23:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 23:40 . 2008-02-08 23:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 10:46 . 2004-09-14 16:12 390,656 --a------ C:\kmd.exe
2008-02-05 20:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-02 23:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 23:14 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-02 23:12 . 2008-02-02 23:24 <KANSIO> d-------- C:\Program Files\Java
2008-02-02 23:12 . 2008-02-02 23:12 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-02-02 22:41 . 2008-02-02 23:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-02 22:39 . 2008-02-02 23:17 <KANSIO> d-------- C:\Program Files\Autodesk
2008-01-31 19:05 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-01-31 19:04 . 2008-01-31 19:06 <KANSIO> d-------- C:\Program Files\Magic Video Converter
2008-01-31 19:04 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-31 19:04 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-31 17:15 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-01-31 17:12 . 2008-01-31 17:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-31 17:12 . 2008-01-31 17:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 15:54 . 2008-01-31 15:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-30 16:05 . 2008-01-30 16:58 <KANSIO> d-------- C:\Downloads
2008-01-30 16:04 . 2008-01-30 16:58 <KANSIO> d-------- C:\Kaspersky
2008-01-30 15:55 . 2008-01-30 15:55 <KANSIO> d-------- C:\VundoFix Backups
2008-01-30 14:52 . 2008-01-30 14:52 <KANSIO> d-------- C:\Program Files\CCleaner
2008-01-30 14:42 . 2008-01-30 14:42 2,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-30 14:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-30 14:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-30 14:41 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-30 14:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-30 14:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-30 14:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-01-30 14:35 . 2008-01-30 14:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 14:34 . 2008-01-30 14:34 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 14:28 . 2008-01-30 14:29 <KANSIO> d-------- C:\Program Files\Absolute Sound Recorder
2008-01-30 14:28 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-30 14:13 . 2008-01-30 14:13 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-01-30 14:13 . 2008-01-30 18:31 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Audacity
2008-01-30 12:18 . 2008-02-08 12:34 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-30 12:14 . 2008-01-30 12:14 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-01-29 18:53 . 2008-02-09 18:52 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\WTablet
2008-01-29 18:53 . 2007-09-07 11:31 3,499,304 --a------ C:\WINDOWS\system32\WacomTablet.cpl
2008-01-29 18:53 . 2007-09-05 14:30 1,910,035 --a------ C:\WINDOWS\system32\WacomTablet.znc
2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-29 18:53 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\WINDOWS\system32\WTablet
2008-01-29 18:52 . 2008-01-29 18:52 <KANSIO> d-------- C:\Program Files\Tablet
2008-01-29 18:52 . 2007-09-07 11:40 1,373,480 --a------ C:\WINDOWS\system32\Wacom_Tablet.exe
2008-01-29 18:52 . 2007-09-07 11:20 181,544 --a------ C:\WINDOWS\system32\Wintab32.dll
2008-01-29 18:52 . 2007-09-07 11:33 128,296 --a------ C:\WINDOWS\system32\Wacom_Tablet.dll
2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-29 18:52 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-29 18:52 . 2007-02-16 10:30 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-01-29 18:52 . 2007-02-15 16:11 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2008-01-29 18:52 . 2007-02-16 11:12 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-01-29 15:51 . 2008-01-29 15:51 <KANSIO> d-------- C:\Program Files\DivX
2008-01-29 13:44 . 2008-01-29 13:44 <KANSIO> d-------- C:\WINDOWS\system32\xlive
2008-01-29 13:04 . 2008-01-29 13:09 <KANSIO> d-------- C:\Program Files\RegCure
2008-01-29 13:04 . 2008-01-29 13:04 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\TrojanHunter
2008-01-29 12:51 . 2008-01-29 12:51 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Simply Super Software
2008-01-29 12:48 . 2008-01-29 12:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-29 12:48 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-29 12:48 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-29 12:48 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-29 12:48 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-29 12:48 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-28 13:56 . 2008-01-28 13:56 <KANSIO> d-------- C:\Program Files\WinSCP
2008-01-28 13:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 13:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 13:39 . 2008-01-28 13:39 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
2008-01-28 13:26 . 2008-01-28 13:26 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\F-Secure
2008-01-28 13:24 . 2008-01-28 13:30 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-28 13:24 . 2008-01-28 13:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-28 13:24 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-28 13:24 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-28 13:21 . 2008-01-29 13:14 <KANSIO> d-------- C:\Program Files\SpywareBlaster
2008-01-28 13:21 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-28 13:21 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-28 13:21 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-28 13:07 . 2008-01-28 13:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-28 13:07 . 2008-01-28 13:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-27 23:37 . 2008-01-27 23:37 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\Microsoft Games
2008-01-27 23:27 . 2008-01-27 23:27 <KANSIO> d-------- C:\Program Files\uTorrent
2008-01-27 23:27 . 2008-02-02 23:39 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
2008-01-27 22:46 . 2008-01-27 22:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-27 22:45 . 2008-01-31 17:13 <KANSIO> d-------- C:\Program Files\QuickTime
2008-01-27 22:45 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-27 22:45 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-27 22:19 . 2008-01-27 22:19 <KANSIO> d-------- C:\Program Files\Bonjour
2008-01-27 22:13 . 2008-01-27 22:13 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-27 21:41 . 2008-01-27 21:44 <KANSIO> d-------- C:\Documents and Settings\Wiljami\Contacts
2008-01-27 21:35 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-27 21:33 . 2008-01-27 21:33 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-27 21:27 . 2008-01-27 21:33 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-27 21:27 . 2008-01-27 21:32 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-27 21:26 . 2008-01-27 21:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-27 21:08 . 2008-01-27 21:08 <KANSIO> d-------- C:\Documents and Settings\LocalService\K?ynnist?-valikko
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 10:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-27 18:19 --------- d-----w C:\Documents and Settings\Wiljami\Application Data\Talkback
2008-01-27 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 17:53 --------- d-----w C:\Program Files\Logitech
2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-27 17:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 17:42 --------- d-----w C:\Program Files\Realtek
2008-01-27 17:11 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-04 23:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-04 23:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-04 23:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-04 23:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-04 23:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-04 23:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-04 23:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-04 23:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-04 23:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-04 23:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-04 23:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-04 23:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-04 23:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-04 23:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-04 23:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-04 23:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-04 23:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-04 23:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-04 23:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-04 23:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-04 23:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-04 23:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-04 23:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-04 23:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-04 23:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-04 23:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-04 23:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-04 23:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-04 23:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-04 23:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-04 23:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-04 23:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-04 23:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-04 23:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-04 23:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-04 23:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-04 23:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-04 23:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-04 23:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-04 23:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-04 23:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-04 23:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-04 23:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-04 23:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-04 23:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-04 23:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-04 23:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-04 23:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-04 23:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-04 23:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-12-04 23:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-04 23:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-04 23:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-04 23:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-01-31 15:12:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 16:52:10 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-29 11:13:02 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 18:52:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2008-02-09 18:53:59 - machine was rebooted [Wiljami]
ComboFix-quarantined-files.txt 2008-02-09 16:53:55
ComboFix2.txt 2008-02-08 08:56:05
.
2008-01-27 17:46:58 --- E O F ---


Hello World!
tomato71
Suspended due to non-functional email address
9 February 2008 @ 21:24
yep
that one file was hiding the others :P

let's check once more...

Check your computer with F-Secure's online scanner

Note: the scanner works only with the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install (Asenna)
* Click Accept
* Click Custom Scan
* Adjust the settings as follows

o Under "Virus Scan Option", select Scan whole system
o Under "Other Scan Option", select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

www.virustorjunta.net
Wiljami
Junior Member
10 February 2008 @ 12:32
Scanning Report
Saturday, February 09, 2008 22:37:21 - 12:28:10

Computer name: BANAANI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\
Result: 1 malware found
W32/Malware.AVTN (virus)

* D:\The Witcher\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe (Submitted)

Statistics
Scanned:

* Files: 371293
* System: 3724
* Not scanned: 148

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 1

Files not scanned:

* 0�8�HAGEFILE.SYS C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\FD44E7A45533A472BA963B1B32C307A7\BIT4.TMP
* C:\PROGRAM FILES\F-SECURE INTERNET SECURITY\COMMON\POLICY.IPF
* C:\Program Files\Common Files\Adobe\Installers\Adobe Flash CS3 9.0.log.gz\Adobe Flash CS3 9.0.log
* C:\Program Files\Common Files\Adobe\Installers\Adobe Photoshop CS3 10.log.gz\Adobe Photoshop CS3 10.log
* C:\DOCUMENTS AND SETTINGS\WILJAMI\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\WILJAMI\TYÖPÖYTÄ\SMITFRAUDFIX\REBOOT.EXE
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\TEMP\~DF39E7.TMP
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\XLIVE\TITLES\4D530842\CONFIG.BIN
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\XXXXXXXXXXX\SHARINGMETADATA\PENDING.DAT
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\XXXXXXXXXXX\SHARINGMETADATA\WORKING\DATABASE_C86C_3B0F_6C3A_F830\DFSR.DB
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\XXXXXXXXXXX\SHARINGMETADATA\WORKING\DATABASE_C86C_3B0F_6C3A_F830\FSR.LOG
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\XXXXXXXXXXX\SHARINGMETADATA\WORKING\DATABASE_C86C_3B0F_6C3A_F830\FSRTMP.LOG
* C:\DOCUMENTS AND SETTINGS\WILJAMI\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\XXXXXXXXXXX\SHARINGMETADATA\WORKING\DATABASE_C86C_3B0F_6C3A_F830\TMP.EDB
* C:\DOCUMENTS AND SETTINGS\WILJAMI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GGSOW4EW.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2008-02-07
* F-Secure AVP: 7.0.171, 2008-02-09
* F-Secure Orion: 1.2.37, 2008-02-09
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0622-150-72
* F-Secure Pegasus: 1.19.0, 2008-01-07

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Hello World!
tomato71
Suspended due to non-functional email address
10 February 2008 @ 15:27
hi
delete D:\The Witcher\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe


Next we will remove all the tools that were used.

Download OTMoveIt2 and save it to your desktop.

* Double-click OTMoveIt2.exe.
* Click CleanUp!.
* Choose Yes when asked "Begin cleanup Process?".
* If you are asked whether the computer may be restarted, choose Yes.
* OTMoveIt deletes itself when it is done; if it does not, delete it yourself.


NOTE: If your firewall or some other security program warns that OTMoveIt2 is trying to access the internet, allow it


Clean out System Restore:

1. Right-click the My Computer icon (with the right mouse button)
2. Choose Properties (the bottom option)
3. Choose the System Restore tab
4. Select Turn off System Restore (tick the box)
5. Press Apply
6. Press OK
7. Restart the computer
8. Restore the setting (untick the box)


any problems left???

www.virustorjunta.net
Wiljami
Junior Member
13 February 2008 @ 21:05
Yep, looks like everything unnecessary got removed :D thanks, tomato!

Hello World!