|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HJT-logi (ask toolbar firefox ongelmia?)
|
|
Member
3 tuotearviota
|
19. joulukuuta 2008 @ 12:04 |
Linkki tähän viestiin
|
Firefox kenkkuilee välillä "oudolla osoite ei löydy linkillä" ja sain selvitettyä että ongelma johtuu ask.com toolbaarista vaikka se olisi poistettu. Nyt pyydänkin nöyrimmin että joku asiansa osaava kerkeäisi vielä näin joulun alla auttamaan sillä läppäri olisi lähdössä eukon matkassa joulunajaksi pois. Iso kiitos auttajille jo etukäteen.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:16, on 19.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\PhoneConnectorVMC.exe
F:\vmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/re...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA}: NameServer = 195.226.224.72 195.226.224.76
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
--
End of file - 5925 bytes
|
|
Hujo
Suspended permanently
|
19. joulukuuta 2008 @ 13:30 |
Linkki tähän viestiin
|
scannaa hjt:llä merkkaa paina Fix checked
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
samutta ja käynnistä
==================
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
19. joulukuuta 2008 @ 13:57 |
Linkki tähän viestiin
|
HJT jutut poistettu. MBAM oli jo koneella ja on ollut useamman kk jo vakiokaluste, päivitetty ja skannattu :D
Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1520
Windows 5.1.2600 Service Pack 2
19.12.2008 13:54:08
mbam-log-2008-12-19 (13-54-08).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 73575
Kulunut aika: 10 minute(s), 6 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
-----UUSI HJT LOKI----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:26, on 19.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PhoneConnectorVMC.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
F:\vmc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/re...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA}: NameServer = 195.226.224.72 195.226.224.76
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
--
End of file - 5440 bytes
|
|
Hujo
Suspended permanently
|
19. joulukuuta 2008 @ 14:02 |
Linkki tähän viestiin
|
MBAM onkin hyvä kalusto :)
================
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
Älä asenna Palautuskonsolia Recovery Console Klikkaa EI
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
19. joulukuuta 2008 @ 14:50 |
Linkki tähän viestiin
|
ComboFix 08-12-18.01 - Dream 2008-12-19 14:34:01.1 - NTFSx86
Sijainti: c:\cf\ComboFix.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-19 to 2008-12-19 )))))))))))))))))
.
2008-12-19 14:31 . 2008-12-19 14:32 <KANSIO> d-------- C:\cf
2008-12-19 12:00 . 2008-12-19 13:57 <KANSIO> d-------- C:\hjt
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\program files\Exact Audio Copy
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AccurateRip
2008-12-18 15:56 . 2008-12-18 15:56 <KANSIO> d-------- C:\lame
2008-12-17 18:05 . 2008-12-17 19:59 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\vlc
2008-12-17 18:05 . 2008-12-18 17:15 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\dvdcss
2008-12-17 18:04 . 2008-12-17 18:04 <KANSIO> d-------- c:\program files\VideoLAN
2008-12-17 17:11 . 2008-12-17 17:11 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Sonic
2008-12-17 17:06 . 2008-12-17 17:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Leadertech
2008-12-16 02:29 . 2008-12-16 02:29 11,381 --a------ c:\windows\E220AutoRunLog.tmp
2008-12-16 00:02 . 2008-12-16 00:02 <KANSIO> d-------- c:\program files\OpenAL
2008-12-16 00:02 . 2008-12-16 00:02 413,696 --a------ c:\windows\system32\wrap_oal.dll
2008-12-16 00:02 . 2008-12-16 00:02 110,592 --a------ c:\windows\system32\OpenAL32.dll
2008-12-15 23:42 . 2008-12-15 23:42 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenArena
2008-12-15 20:27 . 2008-12-15 20:31 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Wormux
2008-12-15 18:13 . 2008-12-15 18:13 <KANSIO> d-------- C:\Games
2008-12-13 18:38 . 2008-12-13 18:38 <KANSIO> d-------- c:\program files\uTorrent
2008-12-13 18:38 . 2008-12-18 05:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\uTorrent
2008-12-13 02:29 . 2008-12-13 02:29 <KANSIO> d-------- c:\program files\Alwil Software
2008-12-13 01:45 . 2008-12-13 01:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AdobeUM
2008-12-12 06:48 . 2008-12-12 06:55 <KANSIO> d-------- c:\program files\Notebook Hardware Control
2008-12-12 06:25 . 2008-12-12 06:25 <KANSIO> d-------- c:\program files\xp-AntiSpy
2008-12-12 06:07 . 2008-12-12 06:08 <KANSIO> d-------- c:\documents and settings\Dream\Shared
2008-12-12 06:06 . 2008-12-12 06:06 <KANSIO> d-------- c:\program files\AskSearch
2008-12-12 06:02 . 2008-12-12 06:02 <KANSIO> d-------- C:\x
2008-12-12 06:02 . 2008-12-12 06:03 <KANSIO> d-------- C:\Incomplete
2008-12-12 06:02 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Incomplete
2008-12-12 06:01 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\MP3Rocket
2008-12-12 05:28 . 2008-12-12 05:28 <KANSIO> d-------- c:\program files\CCleaner
2008-12-12 03:16 . 2008-12-12 03:16 <KANSIO> d-------- c:\program files\Empire Interactive
2008-12-12 01:29 . 2008-12-12 01:31 <KANSIO> d-------- c:\windows\system32\NtmsData
2008-12-12 01:13 . 2008-12-12 01:13 <KANSIO> d-------- c:\program files\MagicDisc
2008-12-12 01:13 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2008-12-12 01:12 . 2008-12-12 03:22 <KANSIO> d-------- c:\program files\SlySoft
2008-12-12 01:12 . 2008-12-12 01:19 24 ---hs---- c:\windows\SA26448C1.tmp
2008-12-12 01:11 . 2008-12-12 01:11 617 --a------ c:\windows\eReg.dat
2008-12-12 00:23 . 2008-12-12 00:51 <KANSIO> d-------- c:\program files\Cube
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d-------- c:\program files\Soldier Under Fire
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d--h----- c:\program files\InstallJammer Registry
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\OEMCUST
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\FACTONLY
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\CABS
2008-12-11 01:14 . 2008-12-11 01:14 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\CyberLink
2008-12-11 00:04 . 2008-08-14 15:39 2,188,288 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,065,280 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,023,424 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-10 23:51 . 2008-10-03 12:17 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-10 13:43 . 2007-03-08 01:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-10 13:43 . 2007-03-08 01:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-10 13:43 . 2007-03-08 01:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-10 13:42 . 2008-12-10 13:49 <KANSIO> d-------- c:\program files\Winamp
2008-12-10 13:42 . 2008-12-10 13:50 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Winamp
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Vodafone
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 00:36 . 2008-12-09 00:37 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Media Player Classic
2008-12-07 17:24 . 2008-12-07 17:24 741,888 --a------ c:\program files\uTool.exe
2008-12-07 14:28 . 2008-12-07 14:33 <KANSIO> d-------- c:\windows\SxsCaPendDel
2008-12-06 22:32 . 2008-12-06 22:32 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Vodafone
2008-12-06 22:29 . 2008-12-06 22:29 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-06 22:27 . 2008-12-06 22:27 <KANSIO> d-------- c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 22:26 . 2008-12-07 14:27 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 22:24 . 2008-12-06 22:24 8,464 --a------ c:\windows\system32\SpOrder.dll
2008-12-05 20:01 . 2008-12-14 20:34 <KANSIO> d-------- c:\documents and settings\Dream\amsn
2008-12-05 14:37 . 2008-12-05 14:37 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\F-Secure
2008-12-05 14:26 . 2008-12-05 14:26 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenOffice.org
2008-12-05 14:14 . 2008-12-11 01:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\GlarySoft
2008-12-05 14:13 . 2008-12-05 14:13 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Malwarebytes
2008-12-05 14:13 . 2008-12-09 00:35 <KANSIO> d-------- c:\documents and settings\Dream\.smplayer
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Verkkoympäristö
2008-12-05 14:02 . 2008-12-19 13:19 <KANSIO> dr------- c:\documents and settings\Dream\Työpöytä
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Tulostinympäristö
2008-12-05 14:02 . 2008-12-05 14:03 <KANSIO> dr------- c:\documents and settings\Dream\Suosikit
2008-12-05 14:02 . 2008-12-18 17:13 <KANSIO> dr------- c:\documents and settings\Dream\Omat tiedostot
2008-12-05 14:02 . 2008-12-05 23:52 <KANSIO> d--h----- c:\documents and settings\Dream\Mallit
2008-12-05 14:02 . 2008-12-13 18:38 <KANSIO> dr------- c:\documents and settings\Dream\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-18 06:12 --------- d-----w c:\program files\SpywareBlaster
2008-12-17 17:59 --------- d-----w c:\documents and settings\Dream\Application Data\vlc
2008-12-13 00:28 --------- d-----w c:\program files\F-Secure
2008-12-13 00:26 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-12-11 23:12 12,464 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-10 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-10 23:05 --------- d-----w c:\program files\Sonic
2008-12-07 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 20:27 --------- d-----w c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-05 21:53 --------- d-----w c:\program files\ShowTime
2008-12-05 21:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 21:51 --------- d-----w c:\program files\Synaptics
2008-12-05 21:51 --------- d-----w c:\program files\S3
2008-12-05 21:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-05 21:51 --------- d-----w c:\program files\CyberLink
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\Java
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 19:07 --------- d-----w c:\program files\MSXML 4.0
2008-12-05 18:00 --------- d-----w c:\program files\aMSN
2008-12-05 14:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 14:40 --------- d-----w c:\program files\Java
2008-12-05 13:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:24 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-05 12:16 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-12-05 12:14 --------- d-----w c:\program files\Glary Utilities
2008-12-05 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-12-01 89600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2005-08-23 221184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-15 15360]
c:\documents and settings\Dream\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-12 575488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PCMService"="c:\apps\Powercinema\PCMService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\utorrent.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\openarena.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\oa_ded.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\RC44.5\\Stealthy.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-13 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-13 20560]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2006-07-04 11279]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2006-07-04 11279]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27a-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27b-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb26-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb27-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d7e908-cb08-11dd-9589-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95379f20-c385-11dd-9545-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee6-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee7-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21804-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21805-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c6-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c7-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cc91c0-c2c3-11dd-953e-806d6172696f}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö
2008-12-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
2008-12-12 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
.
------- Täydentävä tarkistus -------
.
TCP: {F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA} = 195.226.224.72 195.226.224.76
FF - ProfilePath - c:\documents and settings\Dream\Application Data\Mozilla\Firefox\Profiles\yu73rc09.default\
FF - prefs.js: browser.startup.homepage - about:blank
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 14:35:17
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-12-19 14:36:02
ComboFix-quarantined-files.txt 2008-12-19 12:36:00
Ennen ajoa: 29 974 614 016 tavua vapaana
Ajon jälkeen: 29,990,719,488 tavua vapaana
241 --- E O F --- 2008-12-11 00:10:54
|
|
Hujo
Suspended permanently
|
19. joulukuuta 2008 @ 16:19 |
Linkki tähän viestiin
|
Poista lisää poista sovelutuksesta
XP Antispyware 2009
===========
Nyt tuon punaisella merkityn Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio
Folder::
c:\program files\xp-AntiSpy
c:\program files\AskSearch
c:\documents and settings\Dream\Application Data\F-Secure
c:\program files\F-Secure
c:\documents and settings\All Users\Application Data\F-Secure
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
sittten vasemmasta ylä reunasta tiedosto > tallenna nimellä
Kohde: työpöytä
Tiedostonimi: CFScript.txt
Tallennusmuoto: kaikki tiedostot
sitten raahaat sen kuvan osoittamalla tavalla. Työpöydällä Combofix.exe:een ja pudotat sen sinne.
combofix työstää tulee sininen taulu paina numeroa 1 ja enter
Laita tuleva loki tänne.
Sammutat ja käynnistät koneen
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. joulukuuta 2008 @ 16:20
|
Member
3 tuotearviota
|
19. joulukuuta 2008 @ 16:33 |
Linkki tähän viestiin
|
Koneessa ei ole mainitsemaasi XP Antispywarea lisää/poista paikassa. Koneessa on kyllä "xp-AntiSpy 3.97 " eli http://www.xp-antispy.org/ haettu "rekisterin muokkaus" ohjelma. Jonka luulen olevan ihan pätevä ja hyväksi tunnettu. Eli voisitko tarkistaa asian tuosta linkistä ennen kun poistan tuota.
Poistin XP-Spy jutun ja odottelen vastaustasi, ilman sitä on nyt muuten tehty ja uusi logi.
ComboFix 08-12-18.01 - Dream 2008-12-19 16:37:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.703.446 [GMT 2:00]
Sijainti: c:\cf\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\cf\CFScript.txt
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\F-Secure
c:\documents and settings\All Users\Application Data\F-Secure\Daas2\acl\fsc_revoke_hq.acl
c:\documents and settings\All Users\Application Data\F-Secure\Daas2\acl\fsc_root.acl
c:\documents and settings\All Users\Application Data\F-Secure\Daas2\cert\fsc (revoke hq).crl
c:\documents and settings\All Users\Application Data\F-Secure\logs\DAAS2\DAAS2INS.LOG
c:\documents and settings\All Users\Application Data\F-Secure\logs\DAAS2\Daas2Uni.LOG
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSFW\action.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSFW\alertlog.dat
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSMA\fsma_old.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\ORSP Client\ORSPINST.LOG
c:\documents and settings\All Users\Application Data\F-Secure\logs\ORSP Client\OrspUnin.LOG
c:\documents and settings\Dream\Application Data\F-Secure
c:\program files\AskSearch
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\F-Secure
c:\program files\F-Secure\Anti-Virus\deleteme_pwr.log
c:\program files\F-Secure\Anti-Virus\fa_gem.log
c:\program files\F-Secure\Anti-Virus\fa_peg.log
c:\program files\F-Secure\Anti-Virus\fsbts.sys
c:\program files\F-Secure\common\daas2_cdsa.cr
c:\program files\F-Secure\Gemini\fsgem.db
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-19 to 2008-12-19 )))))))))))))))))
.
2008-12-19 14:31 . 2008-12-19 16:37 <KANSIO> d-------- C:\cf
2008-12-19 12:00 . 2008-12-19 13:57 <KANSIO> d-------- C:\hjt
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\program files\Exact Audio Copy
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AccurateRip
2008-12-18 15:56 . 2008-12-18 15:56 <KANSIO> d-------- C:\lame
2008-12-17 18:05 . 2008-12-17 19:59 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\vlc
2008-12-17 18:05 . 2008-12-18 17:15 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\dvdcss
2008-12-17 18:04 . 2008-12-17 18:04 <KANSIO> d-------- c:\program files\VideoLAN
2008-12-17 17:11 . 2008-12-17 17:11 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Sonic
2008-12-17 17:06 . 2008-12-17 17:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Leadertech
2008-12-16 02:29 . 2008-12-16 02:29 11,381 --a------ c:\windows\E220AutoRunLog.tmp
2008-12-16 00:02 . 2008-12-16 00:02 <KANSIO> d-------- c:\program files\OpenAL
2008-12-16 00:02 . 2008-12-16 00:02 413,696 --a------ c:\windows\system32\wrap_oal.dll
2008-12-16 00:02 . 2008-12-16 00:02 110,592 --a------ c:\windows\system32\OpenAL32.dll
2008-12-15 23:42 . 2008-12-15 23:42 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenArena
2008-12-15 20:27 . 2008-12-15 20:31 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Wormux
2008-12-15 18:13 . 2008-12-15 18:13 <KANSIO> d-------- C:\Games
2008-12-13 18:38 . 2008-12-13 18:38 <KANSIO> d-------- c:\program files\uTorrent
2008-12-13 18:38 . 2008-12-18 05:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\uTorrent
2008-12-13 02:29 . 2008-12-13 02:29 <KANSIO> d-------- c:\program files\Alwil Software
2008-12-13 01:45 . 2008-12-13 01:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AdobeUM
2008-12-12 06:48 . 2008-12-12 06:55 <KANSIO> d-------- c:\program files\Notebook Hardware Control
2008-12-12 06:25 . 2008-12-12 06:25 <KANSIO> d-------- c:\program files\xp-AntiSpy
2008-12-12 06:07 . 2008-12-12 06:08 <KANSIO> d-------- c:\documents and settings\Dream\Shared
2008-12-12 06:02 . 2008-12-12 06:02 <KANSIO> d-------- C:\x
2008-12-12 06:02 . 2008-12-12 06:03 <KANSIO> d-------- C:\Incomplete
2008-12-12 06:02 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Incomplete
2008-12-12 06:01 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\MP3Rocket
2008-12-12 05:28 . 2008-12-12 05:28 <KANSIO> d-------- c:\program files\CCleaner
2008-12-12 03:16 . 2008-12-12 03:16 <KANSIO> d-------- c:\program files\Empire Interactive
2008-12-12 01:29 . 2008-12-12 01:31 <KANSIO> d-------- c:\windows\system32\NtmsData
2008-12-12 01:13 . 2008-12-12 01:13 <KANSIO> d-------- c:\program files\MagicDisc
2008-12-12 01:13 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2008-12-12 01:12 . 2008-12-12 03:22 <KANSIO> d-------- c:\program files\SlySoft
2008-12-12 01:12 . 2008-12-12 01:19 24 ---hs---- c:\windows\SA26448C1.tmp
2008-12-12 01:11 . 2008-12-12 01:11 617 --a------ c:\windows\eReg.dat
2008-12-12 00:23 . 2008-12-12 00:51 <KANSIO> d-------- c:\program files\Cube
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d-------- c:\program files\Soldier Under Fire
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d--h----- c:\program files\InstallJammer Registry
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\OEMCUST
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\FACTONLY
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\CABS
2008-12-11 01:14 . 2008-12-11 01:14 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\CyberLink
2008-12-11 00:04 . 2008-08-14 15:39 2,188,288 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,065,280 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,023,424 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-10 23:51 . 2008-10-03 12:17 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-10 13:43 . 2007-03-08 01:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-10 13:43 . 2007-03-08 01:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-10 13:43 . 2007-03-08 01:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-10 13:42 . 2008-12-10 13:49 <KANSIO> d-------- c:\program files\Winamp
2008-12-10 13:42 . 2008-12-10 13:50 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Winamp
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Vodafone
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 00:36 . 2008-12-09 00:37 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Media Player Classic
2008-12-07 17:24 . 2008-12-07 17:24 741,888 --a------ c:\program files\uTool.exe
2008-12-07 14:28 . 2008-12-07 14:33 <KANSIO> d-------- c:\windows\SxsCaPendDel
2008-12-06 22:32 . 2008-12-06 22:32 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Vodafone
2008-12-06 22:29 . 2008-12-06 22:29 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-06 22:27 . 2008-12-06 22:27 <KANSIO> d-------- c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 22:26 . 2008-12-07 14:27 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 22:24 . 2008-12-06 22:24 8,464 --a------ c:\windows\system32\SpOrder.dll
2008-12-05 20:01 . 2008-12-14 20:34 <KANSIO> d-------- c:\documents and settings\Dream\amsn
2008-12-05 14:26 . 2008-12-05 14:26 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenOffice.org
2008-12-05 14:14 . 2008-12-11 01:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\GlarySoft
2008-12-05 14:13 . 2008-12-05 14:13 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Malwarebytes
2008-12-05 14:13 . 2008-12-09 00:35 <KANSIO> d-------- c:\documents and settings\Dream\.smplayer
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Verkkoympäristö
2008-12-05 14:02 . 2008-12-19 13:19 <KANSIO> dr------- c:\documents and settings\Dream\Työpöytä
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Tulostinympäristö
2008-12-05 14:02 . 2008-12-05 14:03 <KANSIO> dr------- c:\documents and settings\Dream\Suosikit
2008-12-05 14:02 . 2008-12-18 17:13 <KANSIO> dr------- c:\documents and settings\Dream\Omat tiedostot
2008-12-05 14:02 . 2008-12-05 23:52 <KANSIO> d--h----- c:\documents and settings\Dream\Mallit
2008-12-05 14:02 . 2008-12-13 18:38 <KANSIO> dr------- c:\documents and settings\Dream\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-18 06:12 --------- d-----w c:\program files\SpywareBlaster
2008-12-17 17:59 --------- d-----w c:\documents and settings\Dream\Application Data\vlc
2008-12-11 23:12 12,464 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-10 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-10 23:05 --------- d-----w c:\program files\Sonic
2008-12-07 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 20:27 --------- d-----w c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-05 21:53 --------- d-----w c:\program files\ShowTime
2008-12-05 21:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 21:51 --------- d-----w c:\program files\Synaptics
2008-12-05 21:51 --------- d-----w c:\program files\S3
2008-12-05 21:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-05 21:51 --------- d-----w c:\program files\CyberLink
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\Java
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 19:07 --------- d-----w c:\program files\MSXML 4.0
2008-12-05 18:00 --------- d-----w c:\program files\aMSN
2008-12-05 14:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 14:40 --------- d-----w c:\program files\Java
2008-12-05 13:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:24 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-05 12:16 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-12-05 12:14 --------- d-----w c:\program files\Glary Utilities
2008-12-05 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-19_14.35.32,40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-19 14:22:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_550.dat
+ 2008-12-19 14:22:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d4.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-12-01 89600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2005-08-23 221184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-15 15360]
c:\documents and settings\Dream\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-12 575488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PCMService"="c:\apps\Powercinema\PCMService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\utorrent.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\openarena.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\oa_ded.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\RC44.5\\Stealthy.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-13 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-13 20560]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2006-07-04 11279]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2006-07-04 11279]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27a-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27b-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb26-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb27-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d7e908-cb08-11dd-9589-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95379f20-c385-11dd-9545-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee6-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee7-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21804-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21805-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c6-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c7-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cc91c0-c2c3-11dd-953e-806d6172696f}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2008-12-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
2008-12-12 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
.
------- Täydentävä tarkistus -------
.
TCP: {F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA} = 195.226.224.72 195.226.224.76
FF - ProfilePath - c:\documents and settings\Dream\Application Data\Mozilla\Firefox\Profiles\yu73rc09.default\
FF - prefs.js: browser.startup.homepage - about:blank
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 16:39:04
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-12-19 16:39:48
ComboFix-quarantined-files.txt 2008-12-19 14:39:44
ComboFix2.txt 2008-12-19 12:36:04
Ennen ajoa: 30 083 305 472 tavua vapaana
Ajon jälkeen: 30,075,006,976 tavua vapaana
266 --- E O F --- 2008-12-11 00:10:54
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. joulukuuta 2008 @ 16:42
|
|
Hujo
Suspended permanently
|
19. joulukuuta 2008 @ 16:54 |
Linkki tähän viestiin
|
Luo poistolista:
? Avaa HiJackThis
? Klikkaa "Configure" valintaa oikealla alhaalla
? Klikkaa "Misc Tools"
? Klikkaa boxia joka sanoo "Uninstall Manager"
? Klikkaa valintaa "Save list"
? Kopioi ja liitä kyseinen lista muistiosta ketjuusi
laitas tuokin tuleen
Juu eipä löytynyt tuohon viitaavia tiedostoja joten annetaan olla koneella vielä xp-AntiSpy
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. joulukuuta 2008 @ 17:10
|
Member
3 tuotearviota
|
19. joulukuuta 2008 @ 17:09 |
Linkki tähän viestiin
|
Adobe Flash Player 10 Plugin
Adobe Reader 7.0 - Suomi
aMSN 0.97.2
avast! Antivirus
CCleaner (remove only)
Exact Audio Copy 0.99pb4
Glary Utilities 2.9.0.518
HijackThis 2.0.2
Hotfix-päivitys Windows XP:lle (KB896256)
Hotfix-päivitys Windows XP:lle (KB952287)
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 11
Macromedia Shockwave Player
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FIN
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB954430)
OpenAL
OpenOffice.org 3.0
Paintball2 Alpha build 23
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB912945)
Päivitys Windows XP:lle (KB951072-v2)
Päivitys Windows XP:lle (KB955839)
Smart Link 56K Modem
Sonic RecordNow!
SpywareBlaster 4.1
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 10:lle (KB936782)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows Media Playerille (KB952069)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896422)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896424)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899589)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901190)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB912919)
Suojauspäivitys Windows XP:lle (KB913446)
Suojauspäivitys Windows XP:lle (KB938464)
Suojauspäivitys Windows XP:lle (KB944338-v2)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951066)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB954211)
Suojauspäivitys Windows XP:lle (KB954600)
Suojauspäivitys Windows XP:lle (KB955069)
Suojauspäivitys Windows XP:lle (KB956390)
Suojauspäivitys Windows XP:lle (KB956391)
Suojauspäivitys Windows XP:lle (KB956802)
Suojauspäivitys Windows XP:lle (KB956803)
Suojauspäivitys Windows XP:lle (KB956841)
Suojauspäivitys Windows XP:lle (KB957095)
Suojauspäivitys Windows XP:lle (KB957097)
Suojauspäivitys Windows XP:lle (KB958215)
Suojauspäivitys Windows XP:lle (KB958644)
VIA/S3G Display Driver
Winamp
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
VLC media player 0.9.8a
Vodafone Mobile Connect Lite Runtime Components
xp-AntiSpy 3.97
|
|
Hujo
Suspended permanently
|
19. joulukuuta 2008 @ 17:18 |
Linkki tähän viestiin
|
poista lisää poista sovelutuksesta
J2SE Runtime Environment 5.0 Update 4
============
xp-AntiSpy 3.97 annetaan olla koneella
===========
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 01:29 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:30, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\PhoneConnectorVMC.exe
C:\hjt\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
--
End of file - 5523 bytes
SDFix: Version 1.240
Run by Dream on pe 19.12.2008 at 17:32
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Dream\Ty?p?yt?\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\x - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 17:37:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Games\\Paintball2\\paintball2.exe"="C:\\Games\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\utorrent.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\openarena.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\openarena.exe:*:Enabled:openarena"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\oa_ded.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\oa_ded.exe:*:Enabled:oa_ded"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\RC44.5\\Stealthy.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\RC44.5\\Stealthy.exe:*:Enabled:DC++"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Dream\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 4 Jul 2006 210 A.SHR --- "C:\BOOT.BAK"
Fri 12 Dec 2008 24 ..SH. --- "C:\WINDOWS\SA26448C1.tmp"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 15 Sep 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 15 Sep 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Thu 2 Sep 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 19 Dec 2008 25,522,962 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62d62e0211952100601ada7c358a5218\download\BIT18.tmp"
Finished!
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 01:32 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:30, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\PhoneConnectorVMC.exe
C:\hjt\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
--
End of file - 5523 bytes
SDFix: Version 1.240
Run by Dream on pe 19.12.2008 at 17:32
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Dream\Ty?p?yt?\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\x - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 17:37:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Games\\Paintball2\\paintball2.exe"="C:\\Games\\Paintball2\\paintball2.exe:*:Enabled:paintball2"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\utorrent.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\openarena.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\openarena.exe:*:Enabled:openarena"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\oa_ded.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\openarena-0.8.1\\oa_ded.exe:*:Enabled:oa_ded"
"C:\\Documents and Settings\\Dream\\Ty?p?yt?\\RC44.5\\Stealthy.exe"="C:\\Documents and Settings\\Dream\\Ty?p?yt?\\RC44.5\\Stealthy.exe:*:Enabled:DC++"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Dream\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 4 Jul 2006 210 A.SHR --- "C:\BOOT.BAK"
Fri 12 Dec 2008 24 ..SH. --- "C:\WINDOWS\SA26448C1.tmp"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 15 Sep 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 15 Sep 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Thu 2 Sep 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Fri 19 Dec 2008 25,522,962 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62d62e0211952100601ada7c358a5218\download\BIT18.tmp"
Finished!
Mutta itse asiaan edelleen on tämä ongelma joka esiintyy välillä. Eli kun sivua ei löydy tulee: "jar:file:///C:/Program%20Files/Mozilla%20Firefox/chrome/fi.jar!/locale/browser-region/region.propertieskeskustelu.afterdawn.com" jossa osoite on tuossa lopussa vain eri.
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 01:50 |
Linkki tähän viestiin
|
-Lataa tämä ohjelma!
HostsXpert.zip
- Tee uusi kansio: C:\HostsXpert
- Pura kansioon C:\HostsXpert
Täältä englanniksi lisäohjeita
- Paina HostsXpert.exe ajaaksesi sen (sen pitää siis olla tuolla C:\HostsXpert kansiossa)
- Paina "Make Hosts Writable?" oikeassa yläkulmassa (jos toiminnassa)
- Klikkaa "Restore Microsoft's Hosts File" ja sitten OK
- Paina X lopettaaksesi
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 02:42 |
Linkki tähän viestiin
|
|
Host tiedosto oli koskematon mutta tein kuten neuvoit. Ongelma esiintyy silti. Onkos enää mitään tehtävissä vai poistanko firefoxin ja putsaan rekisterin kaikesta sen roskasta ja asennan uusiksi.
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 03:15 |
Linkki tähän viestiin
|
|
Scannaa hjt:llä merkkaa paina Fix checked
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
onkos koneella ripaiblaster ollut vai onko vielä
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 03:27 |
Linkki tähän viestiin
|
Poistin Firefoxin ja kävin sen "pääkansiossa" siellä oli komponent kansio ja chrome kansio. Poistin ne boottasin koneen ja asensin firefoxin uudelleen. Nyt vikaa ei esiinny eli component kansion ask.js oli varmaan syyllinen.
Poistin mainitsemasi merkinnät.
Uusi logi onko vielä jotain nyt olisi 2h enää aikaan koneen lähtöön:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:50, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\PhoneConnectorVMC.exe
F:\vmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\RunOnce: [HDReg] c:\Apps\HDReg\HDRegApp.exe -r
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA}: NameServer = 195.226.224.72 195.226.224.76
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
--
End of file - 5520 bytes
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 03:47 |
Linkki tähän viestiin
|
|
taitaa tuo cookelin selain vain tuoda ongelmia
Tossa oli yksi kaukku valmiina mutta lokin mukaan sitä ei tarvita
Onkos toi sun
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
jos ei oo niin fixsaa pois
=============
scannaa uusi combofix loki
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. joulukuuta 2008 @ 03:50
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 04:12 |
Linkki tähän viestiin
|
Koneessani ei ole koskaan ollutkaan Googlen omaa vaan sen muokattu opensource versio Iron ( http://www.srware.net/en/software_srware_iron.php ). Tuo ongelma tosin ei ole Ironin mukana tullut :)
Tuo ofline on taas Packard Bellin oma vakio IE sivu joka tulee kun koneen asentaa uusiksi palautusosiolta mutta poistin senkin vielä kun IE ei muutenkaan ole käytössä. Muutenkin vihaan PB tyyliä pakkotyrkyttää Norttonia :).
ComboFix 08-12-18.01 - Dream 2008-12-20 4:08:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.703.263 [GMT 2:00]
Sijainti: c:\cf\ComboFix.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-20 to 2008-12-20 )))))))))))))))))
.
2008-12-20 02:37 . 2008-12-20 02:39 <KANSIO> d-------- C:\HostsXpert
2008-12-19 17:31 . 2008-12-19 17:31 577,536 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-19 17:30 . 2008-12-19 17:30 <KANSIO> d-------- c:\windows\ERUNT
2008-12-19 17:13 . 2008-12-20 03:02 <KANSIO> d-------- c:\windows\system32\CatRoot_bak
2008-12-19 14:31 . 2008-12-19 16:37 <KANSIO> d-------- C:\cf
2008-12-19 12:00 . 2008-12-20 04:07 <KANSIO> d-------- C:\hjt
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\program files\Exact Audio Copy
2008-12-18 15:57 . 2008-12-18 15:57 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AccurateRip
2008-12-18 15:56 . 2008-12-18 15:56 <KANSIO> d-------- C:\lame
2008-12-17 18:05 . 2008-12-17 19:59 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\vlc
2008-12-17 18:05 . 2008-12-18 17:15 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\dvdcss
2008-12-17 18:04 . 2008-12-17 18:04 <KANSIO> d-------- c:\program files\VideoLAN
2008-12-17 17:11 . 2008-12-17 17:11 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Sonic
2008-12-17 17:06 . 2008-12-17 17:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Leadertech
2008-12-16 02:29 . 2008-12-16 02:29 11,381 --a------ c:\windows\E220AutoRunLog.tmp
2008-12-16 00:02 . 2008-12-16 00:02 <KANSIO> d-------- c:\program files\OpenAL
2008-12-15 23:42 . 2008-12-15 23:42 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenArena
2008-12-15 20:27 . 2008-12-15 20:31 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Wormux
2008-12-15 18:13 . 2008-12-15 18:13 <KANSIO> d-------- C:\Games
2008-12-13 18:38 . 2008-12-13 18:38 <KANSIO> d-------- c:\program files\uTorrent
2008-12-13 18:38 . 2008-12-18 05:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\uTorrent
2008-12-13 02:29 . 2008-12-13 02:29 <KANSIO> d-------- c:\program files\Alwil Software
2008-12-13 01:45 . 2008-12-13 01:45 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\AdobeUM
2008-12-12 06:48 . 2008-12-12 06:55 <KANSIO> d-------- c:\program files\Notebook Hardware Control
2008-12-12 06:25 . 2008-12-12 06:25 <KANSIO> d-------- c:\program files\xp-AntiSpy
2008-12-12 06:07 . 2008-12-12 06:08 <KANSIO> d-------- c:\documents and settings\Dream\Shared
2008-12-12 06:02 . 2008-12-12 06:03 <KANSIO> d-------- C:\Incomplete
2008-12-12 06:02 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Incomplete
2008-12-12 06:01 . 2008-12-12 06:12 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\MP3Rocket
2008-12-12 05:28 . 2008-12-12 05:28 <KANSIO> d-------- c:\program files\CCleaner
2008-12-12 03:16 . 2008-12-12 03:16 <KANSIO> d-------- c:\program files\Empire Interactive
2008-12-12 01:29 . 2008-12-12 01:31 <KANSIO> d-------- c:\windows\system32\NtmsData
2008-12-12 01:13 . 2008-12-12 01:13 <KANSIO> d-------- c:\program files\MagicDisc
2008-12-12 01:13 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2008-12-12 01:12 . 2008-12-12 03:22 <KANSIO> d-------- c:\program files\SlySoft
2008-12-12 01:12 . 2008-12-12 01:19 24 ---hs---- c:\windows\SA26448C1.tmp
2008-12-12 01:11 . 2008-12-12 01:11 617 --a------ c:\windows\eReg.dat
2008-12-12 00:23 . 2008-12-12 00:51 <KANSIO> d-------- c:\program files\Cube
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d-------- c:\program files\Soldier Under Fire
2008-12-11 23:57 . 2008-12-12 00:00 <KANSIO> d--h----- c:\program files\InstallJammer Registry
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\OEMCUST
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\FACTONLY
2008-12-11 01:24 . 2008-12-11 01:24 <KANSIO> d-------- C:\CABS
2008-12-11 01:14 . 2008-12-11 01:14 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\CyberLink
2008-12-11 00:04 . 2008-08-14 15:39 2,188,288 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,065,280 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 00:04 . 2008-08-14 15:39 2,023,424 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-10 23:51 . 2008-10-03 12:17 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-10 13:43 . 2007-03-08 01:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-10 13:43 . 2007-03-08 01:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-10 13:43 . 2007-03-08 01:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-10 13:42 . 2008-12-10 13:49 <KANSIO> d-------- c:\program files\Winamp
2008-12-10 13:42 . 2008-12-10 13:50 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Winamp
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Vodafone
2008-12-09 21:02 . 2008-12-09 21:02 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 00:36 . 2008-12-09 00:37 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Media Player Classic
2008-12-07 17:24 . 2008-12-07 17:24 741,888 --a------ c:\program files\uTool.exe
2008-12-07 14:28 . 2008-12-07 14:33 <KANSIO> d-------- c:\windows\SxsCaPendDel
2008-12-06 22:32 . 2008-12-06 22:32 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Vodafone
2008-12-06 22:29 . 2008-12-06 22:29 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-06 22:27 . 2008-12-06 22:27 <KANSIO> d-------- c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 22:26 . 2008-12-07 14:27 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 22:24 . 2008-12-06 22:24 8,464 --a------ c:\windows\system32\SpOrder.dll
2008-12-05 20:01 . 2008-12-14 20:34 <KANSIO> d-------- c:\documents and settings\Dream\amsn
2008-12-05 14:26 . 2008-12-05 14:26 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\OpenOffice.org
2008-12-05 14:14 . 2008-12-11 01:06 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\GlarySoft
2008-12-05 14:13 . 2008-12-05 14:13 <KANSIO> d-------- c:\documents and settings\Dream\Application Data\Malwarebytes
2008-12-05 14:13 . 2008-12-09 00:35 <KANSIO> d-------- c:\documents and settings\Dream\.smplayer
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Verkkoympäristö
2008-12-05 14:02 . 2008-12-20 03:40 <KANSIO> dr------- c:\documents and settings\Dream\Työpöytä
2008-12-05 14:02 . 2008-12-05 23:51 <KANSIO> d--h----- c:\documents and settings\Dream\Tulostinympäristö
2008-12-05 14:02 . 2008-12-20 03:21 <KANSIO> dr------- c:\documents and settings\Dream\Suosikit
2008-12-05 14:02 . 2008-12-18 17:13 <KANSIO> dr------- c:\documents and settings\Dream\Omat tiedostot
2008-12-05 14:02 . 2008-12-05 23:52 <KANSIO> d--h----- c:\documents and settings\Dream\Mallit
2008-12-05 14:02 . 2008-12-13 18:38 <KANSIO> dr------- c:\documents and settings\Dream\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 15:23 --------- d-----w c:\program files\Java
2008-12-18 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-18 06:12 --------- d-----w c:\program files\SpywareBlaster
2008-12-17 17:59 --------- d-----w c:\documents and settings\Dream\Application Data\vlc
2008-12-11 23:12 12,464 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-10 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-10 23:05 --------- d-----w c:\program files\Sonic
2008-12-07 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\Vodafone
2008-12-06 20:27 --------- d-----w c:\documents and settings\LocalService\Application Data\Vodafone
2008-12-06 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-05 21:53 --------- d-----w c:\program files\ShowTime
2008-12-05 21:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 21:51 --------- d-----w c:\program files\Synaptics
2008-12-05 21:51 --------- d-----w c:\program files\S3
2008-12-05 21:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-05 21:51 --------- d-----w c:\program files\CyberLink
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-05 21:51 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 19:07 --------- d-----w c:\program files\MSXML 4.0
2008-12-05 18:00 --------- d-----w c:\program files\aMSN
2008-12-05 14:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 13:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:24 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-05 12:16 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-12-05 12:14 --------- d-----w c:\program files\Glary Utilities
2008-12-05 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-19_14.35.32,40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-19 15:30:38 3,518,464 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-12-19 15:30:38 274,432 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-19 15:30:28 3,518,464 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-12-19 15:30:28 274,432 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-11-03 14:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-19 23:21:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_554.dat
+ 2008-12-19 23:21:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_ec.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-12-01 89600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 c:\windows\system32\VTTrayp.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-15 15360]
c:\documents and settings\Dream\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-12 575488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PCMService"="c:\apps\Powercinema\PCMService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\utorrent.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\openarena.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\openarena-0.8.1\\oa_ded.exe"=
"c:\\Documents and Settings\\Dream\\Työpöytä\\RC44.5\\Stealthy.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-13 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-13 20560]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2006-07-04 11279]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2006-07-04 11279]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27a-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a98d27b-c3d5-11dd-954f-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb26-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b91fb27-c45d-11dd-9552-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d7e908-cb08-11dd-9589-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95379f20-c385-11dd-9545-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee6-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98727ee7-c621-11dd-9562-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21804-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d21805-c623-11dd-9565-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c6-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9d0c7-c55c-11dd-955c-0040d0955565}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cc91c0-c2c3-11dd-953e-806d6172696f}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2008-12-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
2008-12-20 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Täydentävä tarkistus -------
.
TCP: {F9A23660-FFC3-4CE0-AFA6-6E41A429E6FA} = 195.226.224.72 195.226.224.76
FF - ProfilePath - c:\documents and settings\Dream\Application Data\Mozilla\Firefox\Profiles\hvtu78d5.default\
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 04:09:56
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-12-20 4:10:43
ComboFix-quarantined-files.txt 2008-12-20 02:10:40
ComboFix2.txt 2008-12-19 14:39:50
ComboFix3.txt 2008-12-19 12:36:04
Ennen ajoa: 29 516 255 232 tavua vapaana
Ajon jälkeen: 29,506,445,312 tavua vapaana
250 --- E O F --- 2008-12-19 16:17:47
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 04:46 |
Linkki tähän viestiin
|
|
Kirjoita suorita luukkuun
ComboFix /u
Klikkaa OK
=============
Tyhjennä Malwarebytes' Anti-Malware karanteeni
tyhjennä roskat
=============
Poista kansiot:
C:\HostsXpert
SDFix
C:\cf <-- oo tehnyt vissiin combofix kansion noin poista sieltä löytyy omakin kansio
C:\ComboFix
C:\Qoobox
============
Miltäs se kone tuntuu
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. joulukuuta 2008 @ 05:53
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 05:39 |
Linkki tähän viestiin
|
|
Toimii hyvin :) Kiitos avusta.
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 05:55 |
Linkki tähän viestiin
|
katos mitä laitoin ylös tuohon lisää
================
Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.
Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.
HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.
Voiko tietsikka koskaan toimia?
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 06:09 |
Linkki tähän viestiin
|
Tehty.
Kannettavassa on suojana:
-avast! home (koneen käynnistyessa skannaa)
-mbam (päivitys 1-2 x viikko skannaus 1 x viikko)
-spywareblaster (päivitys kerran viikko)
-ewido_micro (skanni kerran kk)
-windows palomuuri (läppäri on mokkulan varassa joten ei aina netissä)
-ccleaner (tarvittaessa)
Olisiko puutetta tai korvaavaa ohjelmaa vai pärjäänkö jatkossakin näillä
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. joulukuuta 2008 @ 06:10
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 06:22 |
Linkki tähän viestiin
|
Kyllä noilla pärjää
palomuuri vois olla kyllä softa mutta jos maalaisjärkee käyttää niin tuollakin pärjää
Windows XP SP2 ton vois päivittää SP3
Internet Explorer v6.00 toi v7
Jos koneessa rahkeet riittää siihen kyllä rupee tuleen niitä päivityksiä sitten.
============
Mulla ei oo kuin
avast
wintoosan palomuuri
MBAM
ccleaner
============
Mikäs on mokkulan nopeus
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. joulukuuta 2008 @ 06:30
|
Member
3 tuotearviota
|
20. joulukuuta 2008 @ 06:35 |
Linkki tähän viestiin
|
|
Unohtui mainita että Firefoxissa on adblock antamassa vielä jotain pientä suojaa ja poistamassa sivuilta häiritseviä mainoksia.
Itse asiaan taas:
Elisan 384 (45 kt/s sisään ja 17 ulos noin karkeasti) eli hitain mahdollinen, tuli tuo hommattua melkeenpä heti kun tuli tarjolle. Tosin läppäri on pääosin eukolla kirjotuskoneena ja pienenä nettialustana joten voisi jopa sanoa että suurimman osan päivästä kiinni.
Sp3 en ole juuri halunnut asentaa siksi että sen jälkeen pakkaa tulemaan useitakin isoja päivityksiä jotka taas tahtoo pätkästä mokkulan yhteyden poikki. Pitää koittaa jossain välissä paremmalla netillä latailla mutta tällähetkellä se ei ole oikein vaihtoehtona. IE6 tai 7 ei taas ole merkityksellinen koska sitä selainta ei käytetä koskaan (uskoakseni siis turhaa päivittää).
Sivuhistoraa kun katsoin niin:
Irc-galleria
Huutonetti
Salakuunneltua
Ircquotes
MBnet
Afterdawn
ja pari blogia tuntuu olevan ne aktiiviset sivut. Maalaisjärjellä ollaan pyritty käyttämään ja pysymään vain asiallisilla sivustoilla.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. joulukuuta 2008 @ 06:40
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
20. joulukuuta 2008 @ 07:13 |
Linkki tähän viestiin
|
Ok, tässä vain aattelin tuota mokkulaa itelle ottaa,
niin sen takia tuota kysäsin.
Jooo eiköhän noilla pärjää mitä ohjelmia siellä oli
spywareblaster esim se jo jarraa.
avast huutaa aika äkkiä myös.
eiköhän noilla vuoden pärjää :D
Voiko tietsikka koskaan toimia?
|
|
