|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
eScan errorit lisätty
|
|
Junior Member
|
24. helmikuuta 2009 @ 22:14 |
Linkki tähän viestiin
|
http://keskustelu.afterdawn.com/thread_view.cfm/752013
tuossa vanha topic jossa käskettiin näin..
eli tässä logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:56, on 24.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Comodo\AntiSpam\CAS32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comodo\SecureEmail\ComodoSE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Program Files\Comodo\AntiSpam\CAS32.exe" -q
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {18285173-96B5-45DC-B6FD-CA3A330E972E} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {33C39762-1B90-44D9-B6DE-2210E148CB7D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {DB526E50-0195-43AF-9E9B-CC0C0A1B257E} - http://tuki.elisa.net/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriv...gent/wtinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b...5/Installer.exe
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: oepl.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c98b82ef51fa4a) (gupdate1c98b82ef51fa4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 11795 bytes
|
|
Hujo
Suspended permanently
|
25. helmikuuta 2009 @ 05:03 |
Linkki tähän viestiin
|
Joo täälä myös kaksi virustojuntaa käytössä
COMODO Internet Security josssa myös virustorjunta.
ja sitten on vielä avast
ja nortonin rääpeitä
=================
Poista lisää poista sovelutuksesta
Spybot - Search & Destroy
Poista kansio vikasiedossa
C:\Program Files\Spybot - Search & Destroy
===============
Scannaa hjt:llä merrkkaa paina Fix checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/intl/
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
=============
Luo poistolista:
? Avaa HiJackThis
? Klikkaa "Configure" valintaa oikealla alhaalla
? Klikkaa "Misc Tools"
? Klikkaa boxia joka sanoo "Uninstall Manager"
? Klikkaa valintaa "Save list"
? Kopioi ja liitä kyseinen lista muistiosta ketjuusi
Voiko tietsikka koskaan toimia?
|
Junior Member
|
25. helmikuuta 2009 @ 11:22 |
Linkki tähän viestiin
|
Tässä nyt tää uninstall_list
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 7.0
Adobe Photoshop Lightroom 2.2
Adobe Reader 9 - Suomi
Adobe Shockwave Player
Apple Software Update
avast! Antivirus
CCleaner (remove only)
Choice Guard
Comodo AntiSpam 2.6.0.0
COMODO Internet Security
Comodo SecureEmail 2.0.0.1
Creative Centrale
Creative Centrale
Creative Removable Disk Manager
Creative Software Update
Creative ZEN Mozaic User's Guide
Disneyn Aku Ankka
Disneyn Peter Pan Seikkailu Mikä-Mikä-Maassa
getPlus(R) for Adobe
Google Earth
Google Earth Plugin
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows XP:lle (KB952287)
HyperCam 2
iMesh
Java(TM) 6 Update 11
Junk Mail filter update
MediaBar 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
mIRC
Mozilla Firefox (3.0.6)
MSVCRT
PhotoFiltre Studio
Picasa 3
Päivitys Windows Internet Explorer 8:lle (KB961813)
Päivitys Windows XP:lle (KB951978)
Päivitys Windows XP:lle (KB955839)
QuickTime
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
Skype? 3.8
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)
Suojauspäivitys Windows Media Player 11:lle (KB936782)
Suojauspäivitys Windows Media Player 11:lle (KB954154)
Suojauspäivitys Windows Media Playerille (KB952069)
Suojauspäivitys Windows XP:lle (KB938464)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951066)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB951748)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB954211)
Suojauspäivitys Windows XP:lle (KB954459)
Suojauspäivitys Windows XP:lle (KB954600)
Suojauspäivitys Windows XP:lle (KB955069)
Suojauspäivitys Windows XP:lle (KB956391)
Suojauspäivitys Windows XP:lle (KB956802)
Suojauspäivitys Windows XP:lle (KB956803)
Suojauspäivitys Windows XP:lle (KB956841)
Suojauspäivitys Windows XP:lle (KB957097)
Suojauspäivitys Windows XP:lle (KB958644)
Suojauspäivitys Windows XP:lle (KB958687)
Suojauspäivitys Windows XP:lle (KB960715)
User Guide
User Guide
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live -perheturva
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Liven asennustyökalu
Windows Liven asennustyökalu
Windows Liven kirjautumisavustaja
Windows Liven lataustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wings 2 v1.3.6
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
|
|
Hujo
Suspended permanently
|
25. helmikuuta 2009 @ 12:23 |
Linkki tähän viestiin
|
Juuu heitä pois tuo Lisää poista sovelutuksesta
avast! Antivirus
Poista kansio vikasiedossa
C:\Program Files\Alwil Software
C:\Program Files\Common Files\Symantec Shared
=========
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi
Voiko tietsikka koskaan toimia?
|
Junior Member
|
25. helmikuuta 2009 @ 16:26 |
Linkki tähän viestiin
|
Huhhuh, olipas hirveetä löysi comodokin samalla pari virusta:
Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1801
Windows 5.1.2600 Service Pack 3
25.2.2009 16:22:16
mbam-log-2009-02-25 (16-22-16).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 258410
Kulunut aika: 1 hour(s), 28 minute(s), 12 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 26
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 3
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Documents and Settings\Default User\Käynnistä-valikko\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\kone\Käynnistä-valikko\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
|
|
Hujo
Suspended permanently
|
25. helmikuuta 2009 @ 18:16 |
Linkki tähän viestiin
|
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
Älä asenna Palutus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
|
Junior Member
|
25. helmikuuta 2009 @ 19:45 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Hujo:
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
Älä asenna Palutus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
En saa ladattua tota, tulee kyllä comodolle ilmoituksia, allowaan ne mutta sitte ku se on loppu niin avautuu joku juttu missä on vaa .
|
|
Hujo
Suspended permanently
|
25. helmikuuta 2009 @ 20:19 |
Linkki tähän viestiin
|
tehääs tällä ajo
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Voiko tietsikka koskaan toimia?
|
Junior Member
|
28. helmikuuta 2009 @ 23:15 |
Linkki tähän viestiin
|
|
joo tota selvis että combofix ei käynnisty sen takia ku comodo jatkuvasti valittaa viruksesta ja joudun lopettamaan sen prosessin tehtävienhallinnan kautta muuten kokoajan tynkkää sen virustiedoston mitä ei löydy, koska comodo poistaa sen. Comodon moka?
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 02:49 |
Linkki tähän viestiin
|
|
scannaa uusi hjt:n loki
Voiko tietsikka koskaan toimia?
|
Junior Member
|
1. maaliskuuta 2009 @ 11:46 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:18, on 1.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Comodo\AntiSpam\CAS32.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Comodo\SecureEmail\ComodoSE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ComodoAntiSpam] "C:\Program Files\Comodo\AntiSpam\CAS32.exe" -q
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {18285173-96B5-45DC-B6FD-CA3A330E972E} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {33C39762-1B90-44D9-B6DE-2210E148CB7D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {DB526E50-0195-43AF-9E9B-CC0C0A1B257E} - http://tuki.elisa.net/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriv...gent/wtinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b...5/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://superstarracing.net/ChatRepublicPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c98b82ef51fa4a) (gupdate1c98b82ef51fa4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
--
End of file - 10554 bytes
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 14:19 |
Linkki tähän viestiin
|
Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ?all Files? ja tallenna se Poisto.bat. nimisenä
työpöydällesi.
@echo off
sc stop SNDSrvc
sc delete SNDSrvc
Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.
Poista kansio
C:\Program Files\Common Files\Symantec Shared
=============
scannaa hjt:llä merkkaa paina Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/intl/
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: Palvelut - {18285173-96B5-45DC-B6FD-CA3A330E972E} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {33C39762-1B90-44D9-B6DE-2210E148CB7D} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {DB526E50-0195-43AF-9E9B-CC0C0A1B257E} - http://tuki.elisa.net/ (file missing) (HKCU)
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab
Voiko tietsikka koskaan toimia?
|
Junior Member
|
1. maaliskuuta 2009 @ 18:22 |
Linkki tähän viestiin
|
|
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
en löytänyt, muut poistin ja symantec shared kansiota ei ees oo olemassa enää :O
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 18:33 |
Linkki tähän viestiin
|
|
Mikäs on koneen toiminta
Voiko tietsikka koskaan toimia?
|
Junior Member
|
1. maaliskuuta 2009 @ 18:58 |
Linkki tähän viestiin
|
|
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 19:12 |
Linkki tähän viestiin
|
poista koneelta
Comodo AntiSpam 2.6.0.0
COMODO Internet Security
Comodo SecureEmail 2.0.0.1
Poista kansio
C:\Program Files\COMODO
===============
Laita Windowsin palomuuri päälle
===============
Lataa koneelle
avasti
Rekisteröi tuolla
Rekisteröinti
============
aja sdfix
aja combofix
scannaa viimisenä uusi hjt:n loki
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 1. maaliskuuta 2009 @ 19:13
|
Junior Member
|
1. maaliskuuta 2009 @ 20:09 |
Linkki tähän viestiin
|
sdfix.. en osais purkaa sitä tiedostoa vikasiedossa.. ja eikös toi windowsin palomuuri oo p... no jaa teen nyt näitä, mutta mitä palomuuria ite käytät?
|
Junior Member
|
1. maaliskuuta 2009 @ 20:13 |
Linkki tähän viestiin
|
|
ai niin ja uskaltaisko tota combofixiä kokeilla kun comodo löytää viruksia siitä
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 20:19 |
Linkki tähän viestiin
|
|
viskaa toi comodo pois koneelta.
ja ota se avasti takasin
xp:n palomuuria käytän :D
Voiko tietsikka koskaan toimia?
|
Junior Member
|
1. maaliskuuta 2009 @ 20:36 |
Linkki tähän viestiin
|
|
entäs combofix? varokkin jos siinä on joku virus..
|
|
Hujo
Suspended permanently
|
1. maaliskuuta 2009 @ 21:53 |
Linkki tähän viestiin
|
|
sitten ajat sen combofixsin.
Kyllähän sinne vielä mahtuu Malwarebytes' Anti-Malwaren löytämien sekaan vielä yksi lisää :)
Voiko tietsikka koskaan toimia?
|
Junior Member
|
2. maaliskuuta 2009 @ 14:08 |
Linkki tähän viestiin
|
ei auttanu.. :(
ComboFix 09-03-01.01 - Omistaja 2009-03-02 13:46:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.511.251 [GMT 2:00]
Sijainti: c:\documents and settings\Omistaja\Työpöytä\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090301-0] *On-access scanning disabled* (Updated)
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\dialers
c:\program files\INSTALL.LOG
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-02 to 2009-03-02 )))))))))))))))))
.
2009-03-01 18:15 . 2009-03-01 18:16 47 --a------ C:\Poisto.bat
2009-03-01 15:56 . 2009-03-01 15:56 <KANSIO> d-------- c:\program files\Common Files\Skype
2009-03-01 11:37 . 2009-03-01 11:37 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 11:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 11:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 22:47 . 2009-02-28 22:47 65 --a------ c:\windows\boc427.ini
2009-02-28 19:31 . 2009-02-28 22:44 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\BOC427
2009-02-28 19:31 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2009-02-28 19:31 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2009-02-28 19:31 . 2008-04-14 18:11 24,064 --a------ c:\windows\system32\wsock32.dlb
2009-02-27 21:30 . 2009-02-27 21:30 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Windows Desktop Search
2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\windows\system32\GroupPolicy
2009-02-27 19:33 . 2009-02-27 19:33 <KANSIO> d-------- c:\program files\Windows Desktop Search
2009-02-27 19:22 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-27 19:22 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-27 19:22 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-26 10:51 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-25 23:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-25 23:38 . 2009-02-25 23:50 <KANSIO> d-------- c:\windows\system32\XPSViewer
2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\Reference Assemblies
2009-02-25 23:38 . 2009-02-25 23:38 <KANSIO> d-------- c:\program files\MSBuild
2009-02-25 23:37 . 2009-02-25 23:37 <KANSIO> d-------- C:\8efe1066a27e691d2ff4ef318783cd
2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-25 23:37 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-25 23:37 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-25 23:37 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-25 23:37 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-25 23:37 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-25 23:37 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-25 14:51 . 2009-02-25 14:51 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Malwarebytes
2009-02-25 14:49 . 2009-02-25 14:49 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 22:09 . 2009-02-24 22:09 <KANSIO> d-------- c:\program files\Trend Micro
2009-02-22 12:38 . 2009-02-21 22:51 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-21 22:54 . 2009-02-21 22:51 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-21 22:48 . 2009-02-21 22:54 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-21 22:48 . 2009-02-21 22:49 <KANSIO> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-21 21:47 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-21 21:31 . 2009-02-21 21:31 <KANSIO> d-------- c:\program files\Microsoft Sync Framework
2009-02-21 21:30 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-02-21 21:28 . 2009-02-21 21:28 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-21 12:23 . 2009-02-21 12:38 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-20 18:17 . 2009-02-20 18:17 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\F-Secure
2009-02-20 18:00 . 2009-02-21 12:43 <KANSIO> d-------- c:\program files\F-Secure Internet Security
2009-02-20 17:58 . 2009-02-20 17:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\fssg
2009-02-20 17:56 . 2009-02-21 12:34 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\f-secure
2009-02-20 13:30 . 2009-03-01 20:41 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Comodo
2009-02-20 11:04 . 2009-02-20 11:04 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\38FA
2009-02-17 19:00 . 2009-02-17 19:00 <KANSIO> d-------- c:\program files\NOS
2009-02-17 19:00 . 2009-02-17 19:02 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-14 11:51 . 2009-02-14 11:51 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\10271
2009-02-13 20:43 . 2009-02-19 15:03 <KANSIO> d-------- c:\program files\mIRC
2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-09 11:53 . 2009-02-09 11:53 <KANSIO> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-06 19:32 . 2009-02-06 19:32 308,104 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 16:10 . 2009-02-05 16:10 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\3280
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 11:52 --------- d-----w c:\documents and settings\Omistaja\Application Data\Skype
2009-03-02 10:56 --------- d-----w c:\documents and settings\Omistaja\Application Data\skypePM
2009-03-01 18:49 --------- d-----w c:\program files\COMODO
2009-03-01 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-03-01 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-01 13:56 --------- d-----r c:\program files\Skype
2009-03-01 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-26 16:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 09:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-23 16:49 --------- d-----w c:\program files\Wings 2
2009-02-21 20:48 --------- d-----w c:\program files\Lavasoft
2009-02-21 19:48 --------- d-----w c:\program files\Microsoft
2009-02-21 19:47 --------- d-----w c:\program files\Windows Live
2009-02-20 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\_comodo_
2009-02-20 09:02 --------- d-----w c:\program files\iMesh Applications
2009-02-19 13:12 --------- d-----w c:\documents and settings\Omistaja\Application Data\mIRC
2009-02-18 11:48 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 13:12 --------- d-----w c:\program files\Google
2009-02-10 08:44 34 ----a-w c:\documents and settings\Omistaja\jagex_runescape_preferences.dat
2009-02-09 17:59 --------- d-----w c:\program files\CCleaner
2009-02-01 16:07 --------- d-----w c:\documents and settings\Omistaja\Application Data\Apple Computer
2009-02-01 16:03 --------- d-----w c:\program files\QuickTime
2009-02-01 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-01 16:01 --------- d-----w c:\program files\Apple Software Update
2009-02-01 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-31 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\81E4
2009-01-31 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\38177
2009-01-30 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\242E
2009-01-30 19:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 19:24 --------- d--h--w c:\documents and settings\All Users\Application Data\{FC488EFD-EF53-4EB6-A106-329E2816542A}
2009-01-30 19:23 --------- d-----w c:\program files\Creative
2009-01-30 19:21 --------- d--h--w c:\documents and settings\All Users\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
2009-01-30 19:20 --------- d--h--w c:\documents and settings\All Users\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
2009-01-30 16:27 --------- d-----w c:\documents and settings\Omistaja\Application Data\Creative
2009-01-30 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-01-30 16:23 --------- d-----w c:\program files\Audible
2009-01-28 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\8AB
2009-01-26 10:40 --------- d-----w c:\documents and settings\Omistaja\Application Data\Nvu
2009-01-24 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-01-24 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\espionServerData
2009-01-24 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-24 13:19 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-24 12:47 --------- d-----w c:\documents and settings\Omistaja\Application Data\Download Manager
2009-01-22 14:37 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-19 10:47 27,136 ----a-w c:\windows\~GLH0001.TMP
2009-01-16 20:55 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-16 13:05 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-16 13:05 --------- d-----w c:\program files\Java
2009-01-16 11:49 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-16 11:45 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-15 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 00:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 00:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 00:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 00:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 00:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 00:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 00:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 00:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 00:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-14 23:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-09 16:14 --------- d-----w c:\program files\Alwil Software
2009-01-09 10:30 --------- d-----w c:\documents and settings\Omistaja\Application Data\yoclient
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2007-10-13 13:35 3,518 ----a-w c:\program files\uninstal.log
2007-08-11 15:16 0 ----a-w c:\documents and settings\Omistaja\conf.dat
2005-11-14 20:11 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-01-28 06:07 30,432 ----a-w c:\documents and settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2003-12-13 13:45 28,880 ----a-w c:\windows\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2003-12-13 13:45 28,880 ----a-w c:\documents and settings\kone\Application Data\GDIPFONTCACHEV1.DAT
1999-06-25 07:55 149,504 ----a-w c:\program files\UNWISE.EXE
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 16:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-02 181624]
c:\documents and settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= oepl.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LEGO Media\\Constructive\\LEGO LOCO\\Exe\\Loco.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\CabalTemp\\ESTdnheadless.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Wings 2\\bin\\Wings.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-21 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-01 114768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-01 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
R2 fsssvc;Windows Live -perheturva;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 gupdate1c98b82ef51fa4a;Google Update Service (gupdate1c98b82ef51fa4a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Omistaja\LOCALS~1\Temp\Fadpu16E.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-17 33752]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 22:51]
2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 15:23]
2009-03-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 15:24]
2009-03-02 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-02 18:12]
2009-03-02 c:\windows\Tasks\PCHealth-ajoitus lataamiskirjastoa varten.job
- c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2008-04-14 18:12]
2009-03-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-09-02 15:25]
2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{B597C89C-46F7-4B26-8D00-F7FB6638B0EE}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
.
------- Täydentävä tarkistus -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
IE: Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://superstarracing.net/ChatRepublicPlayer.cab
FF - ProfilePath - c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Habbo-FI Customized Web Search
FF - prefs.js: browser.startup.homepage - google.fi/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1768927&SearchSource=2&q=
FF - component: c:\documents and settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bdzi22fq.default\extensions\{2cd812a4-b1b7-4fa7-9f81-61c52cacdbea}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 13:52:40
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):38,31,2a,9c,ca,a9,56,b9,08,d8,1f,5f,76,12,ec,d5,9c,05,6a,78,c0,
7f,85,81,fa,e2,0d,4a,cb,e0,50,31,4d,cb,f8,4c,5e,bc,f8,43,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9b167484-3e1a-47be-b0ce-a0f8817c0587}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010d
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\˙cĶw�*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2009-03-02 13:57:24
ComboFix-quarantined-files.txt 2009-03-02 11:56:48
Ennen ajoa: 71 919 714 304 tavua vapaana
Ajon jälkeen: 72,013,099,008 tavua vapaana
278 --- E O F --- 2009-03-01 10:12:14
|
|
Hujo
Suspended permanently
|
2. maaliskuuta 2009 @ 14:54 |
Linkki tähän viestiin
|
|
Scannaa uusi hjt:n loki
Voiko tietsikka koskaan toimia?
|
Junior Member
|
2. maaliskuuta 2009 @ 17:32 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:38, on 2.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\iMesh Applications\iMesh\iMesh.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/7/532/6712/6c5b...5/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) - http://superstarracing.net/ChatRepublicPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: oepl.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c98b82ef51fa4a) (gupdate1c98b82ef51fa4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 9405 bytes
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
2. maaliskuuta 2009 @ 19:59 |
Linkki tähän viestiin
|
Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio
Lainaus:
Folder::
c:\program files\F-Secure Internet
c:\documents and settings\All Users\Application Data\f-secure
c:\documents and settings\Omistaja\Application Data\Comodo
c:\documents and settings\All Users\Application Data\comodo
c:\documents and settings\All Users\Application Data\_comodo_
c:\documents and settings\All Users\Application Data\Symantec
Tallenna nimellä
Kohde: Työpöytä
Tiedostonnimi: CFScript.txt
Tallennusmuoto: Kaikki tiedostot
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Laita tuleva loki tänne.
Sammutat ja käynnistät koneen
Voiko tietsikka koskaan toimia?
|
|
