Help! Security toolbar 7.1 and a terrible number of pop-ups
Wiljami
Junior Member
7 August 2007 @ 16:07
So the computer is throwing up a huge number of pop-up windows in IE and Firefox.
I think I already managed to remove that toolbar, but here is the latest HJT log anyway.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:58, on 7.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "E:\BitDefender plus v10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1182366219515
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5444 bytes


I already ran AVG Antivirus and Anti-Spyware, but it doesn't help.

Hello World!
Wiljami
Junior Member
7 August 2007 @ 16:10
The pop-ups are mostly for Jamba, smileys and some travel sites.

I would be grateful for help if someone is able to help!

Auttaja
Suspended permanently
7 August 2007 @ 16:38
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)
HijackThis log posting instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
Wiljami
Junior Member
7 August 2007 @ 17:24
Here it is. I downloaded and ran Spybot - Search & Destroy, which seems to have worked. Do you see anything else?

ComboFix 07-08-04.3 - "Wiljami" 2007-08-07 21:05:03.2 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 20:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
2007-08-07 13:20 dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
2007-08-07 13:13 630,784 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 13:13 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 13:13 d--hs---- C:\WINDOWS\CSC
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-08-07 12:52 d-------- C:\WINDOWS\system32\fi-fi
2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-07 12:50 d-------- C:\WINDOWS\network diagnostic
2007-08-07 12:13 80,895 --a------ C:\WINDOWS\system32\__c006DAC4.dat
2007-08-04 23:23 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-02 18:39 C:\WINDOWS\Mafia
2007-08-02 18:39 C:\Program Files\Mafia
2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-28 01:00 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 00:57 dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-25 08:50 d--hs---- C:\WINDOWS\ftpcache
2007-07-24 22:56 d-------- C:\Program Files\Common Files\DirectX
2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-23 12:12 d-------- C:\Program Files\Common Files\element5 Shared
2007-07-23 12:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-22 18:35 d-------- C:\Program Files\MSXML 4.0
2007-07-22 11:27 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
2007-07-22 11:25 d-------- C:\Program Files\Common Files\Ahead
2007-07-22 11:25 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-21 23:32 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-21 21:15 d--h----- C:\WINDOWS\PIF
2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-21 12:58 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
2007-07-21 12:56 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
2007-07-21 00:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-21 00:50 d-------- C:\Program Files\Bonjour
2007-07-21 00:45 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-21 00:29 d-------- C:\S?l?
2007-07-21 00:28 d-------- C:\Kone
2007-07-21 00:27 d-------- C:\Pelit
2007-07-21 00:26 d-------- C:\2D-3D
2007-07-21 00:15 d-------- C:\FlexLm
2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2007-07-21 00:14 d-------- C:\WINDOWS\system32\RNBOSENT
2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
2007-07-21 00:13 d-------- C:\Program Files\Common Files\Alias Shared
2007-07-20 17:41 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
2007-07-20 17:31 d-------- C:\Program Files\QuickTime
2007-07-20 17:31 d-------- C:\Program Files\Apple Software Update
2007-07-20 17:31 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 17:17 d-------- C:\WINDOWS\system32\LogFiles
2007-07-19 23:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-19 23:38 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-19 23:38 d-------- C:\Program Files\Autodesk
2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
2007-07-16 23:07 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-16 19:43 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
2007-07-16 13:04 d-------- C:\WINDOWS\system32\appmgmt
2007-07-16 13:02 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
2007-07-16 12:06 d-------- C:\WINDOWS\Downloaded Installations
2007-07-09 22:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 22:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 22:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 22:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 22:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 22:05 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 22:05 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 22:05 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 11:18 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
2007-08-04 23:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
2007-06-20 01:10 0 -rahs---- C:\IO.SYS
2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 15:44]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\Alcmtr.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 22:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
"BDAgent"="E:\BitDefender plus v10\bdagent.exe" [2007-07-21 13:02]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-07 15:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"DAEMON Tools"="E:\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c006DAC4.dat

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 bdpredir;bdpredir;\??\E:\BitDefender plus v10\bdpredir.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 BDRSDRV;BDRSDRV;\??\E:\BitDefender plus v10\bdrsdrv.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
S4 Messagcr;Messagcr;c:\temp\svchost.exe

*Newly Created Service* - AVGASCLN

Contents of the 'Scheduled Tasks' folder
2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 21:05:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 21:06:08

--- E O F ---


Auttaja
Suspended permanently
7 August 2007 @ 18:15
Open Notepad and copy/paste the text in the quote box below into it:

Quote:

File::
C:\WINDOWS\system32\__c006DAC4.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-


Save it with the name CFScript. (Check that it is written exactly like that.)

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.

=======

Kaspersky online scanner

Scan your computer with Kaspersky Online Scanner

* You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
* The program starts and begins downloading the latest definition files.
* When the scanner has been installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings.
* Check in the settings that the following are selected:

  o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

  o Scan Options:

    + Scan Archives
    + Scan Mail Bases

* Click OK.
* Now select My Computer under the heading "select a target to scan".
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.


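The CFScript above targets the AppInit_DLLs value that HijackThis reports on its O20 line; modules listed in that value are loaded into every process that loads user32.dll. As an added example (not part of the original thread, and not code from HijackThis or ComboFix), the following Python pulls that value out of a HijackThis log and looks each listed file up in ComboFix's "Files Created" listing. The sample lines are copied from the logs posted in this thread, and the function names are hypothetical.

```python
import ntpath
import re
from datetime import datetime

# Sample input: a few lines copied from the two logs in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

COMBOFIX_CREATED = r"""
2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 12:50 d-------- C:\WINDOWS\network diagnostic
2007-08-07 12:13 80,895 --a------ C:\WINDOWS\system32\__c006DAC4.dat
2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
"""

# HijackThis O20 line carrying the AppInit_DLLs registry value.
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)

# ComboFix "Files Created" line: timestamp, optional size, optional
# attribute string, then the path (which may contain spaces).
CREATED_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:([\d,]+)\s+)?"
    r"(?:([a-z-]{9})\s+)?"
    r"([A-Za-z]:\\.+?)\s*$"
)


def appinit_dlls(hjt_text):
    """Return every module path listed on O20 AppInit_DLLs lines."""
    paths = []
    for line in hjt_text.splitlines():
        m = O20_APPINIT.match(line.strip())
        if m:
            # The registry value is a space- or comma-delimited list.
            paths.extend(p for p in re.split(r"[ ,]+", m.group(1).strip()) if p)
    return paths


def created_files(combofix_text):
    """Index the 'Files Created' listing by case-folded Windows path."""
    index = {}
    for line in combofix_text.splitlines():
        m = CREATED_LINE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        index[ntpath.normcase(path)] = {
            "created": datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
            "size": int(size.replace(",", "")) if size else None,  # None for directories
            "attrs": attrs,
        }
    return index


def review_appinit(hjt_text, combofix_text):
    """Pair each AppInit_DLLs entry with its creation record, if any."""
    created = created_files(combofix_text)
    findings = []
    for path in appinit_dlls(hjt_text):
        seen = created.get(ntpath.normcase(path))
        findings.append({
            "path": path,
            # A module that is not named *.dll deserves a closer look.
            "non_dll_extension": ntpath.splitext(path)[1].lower() != ".dll",
            # Present only if the file falls inside ComboFix's recent-files window.
            "created": seen["created"] if seen else None,
            "size": seen["size"] if seen else None,
        })
    return findings


if __name__ == "__main__":
    for f in review_appinit(HJT_LOG, COMBOFIX_CREATED):
        print(f)
```

An empty result means the log has no AppInit_DLLs entry to review; a finding with `created` set shows the listed file appeared within the period ComboFix reports.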
Wiljami
Junior Member
7 August 2007 @ 19:09
Here is the ComboFix log

ComboFix 07-08-04.3 - "Wiljami" 2007-08-07 22:50:03.3 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 22:51 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 22:51 d-------- C:\WINDOWS\LastGood
2007-08-07 22:51 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 20:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
2007-08-07 13:20 dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
2007-08-07 13:13 630,784 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 13:13 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 13:13 d--hs---- C:\WINDOWS\CSC
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-08-07 12:52 d-------- C:\WINDOWS\system32\fi-fi
2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-07 12:50 d-------- C:\WINDOWS\network diagnostic
2007-08-07 12:13 80,895 --a------ C:\WINDOWS\system32\__c006DAC4.dat
2007-08-04 23:23 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-02 18:39 C:\WINDOWS\Mafia
2007-08-02 18:39 C:\Program Files\Mafia
2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-28 01:00 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 00:57 dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-25 08:50 d--hs---- C:\WINDOWS\ftpcache
2007-07-24 22:56 d-------- C:\Program Files\Common Files\DirectX
2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-23 12:12 d-------- C:\Program Files\Common Files\element5 Shared
2007-07-23 12:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-22 18:35 d-------- C:\Program Files\MSXML 4.0
2007-07-22 11:27 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
2007-07-22 11:25 d-------- C:\Program Files\Common Files\Ahead
2007-07-22 11:25 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-21 23:32 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-21 21:15 d--h----- C:\WINDOWS\PIF
2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-21 12:58 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
2007-07-21 12:56 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
2007-07-21 00:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-21 00:50 d-------- C:\Program Files\Bonjour
2007-07-21 00:45 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-21 00:29 d-------- C:\S?l?
2007-07-21 00:28 d-------- C:\Kone
2007-07-21 00:27 d-------- C:\Pelit
2007-07-21 00:26 d-------- C:\2D-3D
2007-07-21 00:15 d-------- C:\FlexLm
2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2007-07-21 00:14 d-------- C:\WINDOWS\system32\RNBOSENT
2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
2007-07-21 00:13 d-------- C:\Program Files\Common Files\Alias Shared
2007-07-20 17:41 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
2007-07-20 17:31 d-------- C:\Program Files\QuickTime
2007-07-20 17:31 d-------- C:\Program Files\Apple Software Update
2007-07-20 17:31 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 17:17 d-------- C:\WINDOWS\system32\LogFiles
2007-07-19 23:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-19 23:38 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-19 23:38 d-------- C:\Program Files\Autodesk
2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
2007-07-16 23:07 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-16 19:43 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
2007-07-16 13:04 d-------- C:\WINDOWS\system32\appmgmt
2007-07-16 13:02 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
2007-07-16 12:06 d-------- C:\WINDOWS\Downloaded Installations
2007-07-09 22:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 22:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 22:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 22:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 22:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 22:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 21:56 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
2007-08-04 23:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
2007-06-20 01:10 0 -rahs---- C:\IO.SYS
2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 15:44]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 01:21 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\Alcmtr.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 22:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
"BDAgent"="E:\BitDefender plus v10\bdagent.exe" [2007-07-21 13:02]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-07 15:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"DAEMON Tools"="E:\DAEMON Tools\daemon.exe" [2007-04-04 01:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c006DAC4.dat

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 bdpredir;bdpredir;\??\E:\BitDefender plus v10\bdpredir.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 BDRSDRV;BDRSDRV;\??\E:\BitDefender plus v10\bdrsdrv.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
S4 Messagcr;Messagcr;c:\temp\svchost.exe


Contents of the 'Scheduled Tasks' folder
2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 22:52:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 22:52:49
C:\ComboFix2.txt ... 2007-08-07 21:06

--- E O F ---

I'll post the Kaspersky result shortly, once it's finished.

Hello World!
Auttaja
Suspended permanently
7 August 2007 @ 20:18
Yep, so that CFScript didn't work this time.. never mind.

======

You have two antivirus programs, AVG7 and BitDefender.. remove one of them.

=======

Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat

Here are instructions on how to check them:



========

Make hidden files visible, and hide them again after the deletion.

Delete this: C:\WINDOWS\system32\__c006DAC4.dat

======

So: a new HJT log and the Kaspersky log..

Don't send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) / Instructions for posting a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

This message has been edited since it was posted. Last edited 7 August 2007 @ 20:22
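The post above picks the O20 AppInit_DLLs line out of the HijackThis log by eye. The following is an added example, not part of the thread and not code from HijackThis or any tool named here, showing the same kind of triage as a script. The function name `findings`, the `SYSTEM_NAMES` list and the heuristics are assumptions made for illustration; the sample lines are entries copied from the logs posted in this thread.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c003D7FD.dat
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
O23 - Service: Messagcr - Unknown owner - c:\temp\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a short, illustrative list of core Windows process names that
# normally run only from system32. It is not exhaustive.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"

ENTRY = re.compile(r"^(O\d+) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Service names and owners may contain " - ", so anchor the path on its drive letter.
SERVICE = re.compile(r"^Service: (.*) - (.*?) - ([A-Za-z]:\\.+)$")


def _ext(path):
    """Lower-cased extension of a Windows path, e.g. '.dat'."""
    return ntpath.splitext(path)[1].lower()


def findings(log_text):
    """Return (section, path, reason) for each entry that deserves a manual look."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()

        if section == "O20" and rest.startswith("AppInit_DLLs:"):
            # Every module listed here is loaded into each process that loads
            # user32.dll, so any non-empty value is worth reviewing.
            value = rest[len("AppInit_DLLs:"):]
            for path in (p.strip() for p in value.split(",")):
                if not path:
                    continue
                reason = "module listed in AppInit_DLLs"
                if _ext(path) != ".dll":
                    reason += "; unexpected extension " + (_ext(path) or "(none)")
                out.append((section, path, reason))

        elif section == "O2":
            # Browser Helper Objects are DLLs loaded by Internet Explorer.
            b = BHO.match(rest)
            if b and _ext(b.group(3)) != ".dll":
                out.append((section, b.group(3),
                            "BHO module with unexpected extension " + _ext(b.group(3))))

        elif section == "O23":
            s = SERVICE.match(rest)
            if not s:
                continue
            path = s.group(3)
            name = ntpath.basename(path).lower()
            folder = ntpath.normcase(ntpath.dirname(path))
            if name in SYSTEM_NAMES and folder != SYSTEM32:
                out.append((section, path,
                            "service binary uses a system process name outside system32"))
    return out


if __name__ == "__main__":
    for section, path, reason in findings(SAMPLE_LOG):
        print(f"{section:4} {path}  <- {reason}")
```
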

Wiljami
Junior Member
8 August 2007 @ 03:55
Hi.

I tried deleting
C:\WINDOWS\system32\__c006DAC4.dat
but it didn't work. HJT doesn't remove it either, even though it says it does. So it's always back there again. The file can't be deleted, and Windows says the source file is in use. I tried downloading KillBox, which HJT suggested, but for some reason it wouldn't start on this machine. Maybe it's because I'm in safe mode right now. I'll have to try in normal mode..

Hello World!
Wiljami
Junior Member
8 August 2007 @ 04:09
Yeah, the program really didn't open at all; it complains about something like "Component MSCOMCTL.OCX or one of its dependencies not correctly registered: a file is missing or invalid".

So that's the situation. What do we do?

By the way, there's also another thing I can't delete: the Mafia game's folder,
C:\Program Files\Mafia
The machine says "Cannot delete file: cannot read from the source file or disk." No problem has been found with the hard drive, so something else must be wrong.

Hello World!
Auttaja
Suspended permanently
8 August 2007 @ 09:02
Download Killbox by Option^Explicit.

Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

* Save it to your desktop.
* Select Replace on Reboot, and also tick Use Dummy.
* Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\WINDOWS\system32\__c006DAC4.dat

* Go back to Killbox, open the File menu and choose Paste from Clipboard.

* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your helper know if one of these appears!).
Restart your computer yourself if it doesn't do so automatically.

If you get this message: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click this to download and run Missingfilessetup.exe. Then try KillBox again.

Then make those fixes with HijackThis (if you can) and post a new HijackThis log.


This message has been edited since it was posted. Last edited 8 August 2007 @ 09:02

Wiljami
Junior Member
8 August 2007 @ 19:10
Well, now it seems to be gone. It no longer shows up in HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:51, on 8.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\BitDefender plus v10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\BitDefender plus v10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
e:\bitdef~1\bdmcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "E:\BitDefender plus v10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1182366219515
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6585 bytes


Hello World!
Auttaja
Suspended permanently
8 August 2007 @ 19:31
BitDefender doesn't have a firewall, does it? Or does it?

If you are using only Windows' own firewall, it is not sufficient protection. Download one firewall, for example one of these three, and install it. Then also disable the Windows firewall. These 3 are quite popular, free firewalls:

Comodo
Kerio
Zonealarm

========

Scan your computer with Ewido Online Scanner

* Download Ewido_micro.exe from here.
* Save the file, for example, to the desktop.
* Double-click Ewido_micro.exe on your desktop.
* Ewido immediately starts updating its signatures. This may take a moment.
* Once the updates have been downloaded, make sure all the items on the left side of the window are checked.
* Click the Start Scan button at the bottom left.
* The scan starts. This may take some time, depending on the number of files.
* When the scan is finished and items have been found, make sure the boxes to the left of all the items are checked.
* Click the Save report button and save the report, for example to the desktop.
* Click the Remove Infections button.
* When you answer OK to the prompt that opens, all infected files are removed.
* After the removal you can close Ewido Online Scanner by clicking the red X in the top corner.
* Now restart the computer and post the report you saved in your thread.
==========


An excellent guide to speeding up your computer

http://neko.1g.fi/ohje/hidastelua.html

++++++++++

Download Deckard's System Scanner to your desktop.

Note: You must have Administrator rights to run the program.

* Close all open windows and programs.
* Double-click the Dss.exe file to run the program, and follow the instructions.
* When the scan is finished, 2 text files should open: Main.txt and extra.txt
* Use copy (CTRL+A -> CTRL + C) and paste (CTRL + V)
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.

and the Ewido online scanner report


Wiljami
Junior Member
9 August 2007 @ 13:25
BitDefender does have a firewall, and it seems to work well.

So here are these logs:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@blinck.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@cpvfeed[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@statistik-gallup[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Wiljami\Cookies\wiljami@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Statistik-gallup
Path: :mozilla.6:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.7:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.8:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.9:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.10:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.21:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.22:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.40:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: :mozilla.42:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.43:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.44:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: :mozilla.48:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: :mozilla.49:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: :mozilla.50:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.86:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.87:C:\Documents and Settings\Wiljami\Application Data\Mozilla\Firefox\Profiles\ydgkk0qt.default\cookies.txt
Risk: Medium


Deckard's System Scanner v20070807.62
Run by Wiljami on 2007-08-09 at 17:17:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-08-09 14:17:32 UTC - RP196 - Deckard's System Scanner Restore Point
11: 2007-08-08 20:31:26 UTC - RP195 - Removed World in Conflict - BETA
10: 2007-08-08 20:29:20 UTC - RP194 - Removed Maelstrom
9: 2007-08-08 20:21:04 UTC - RP193 - Installed DirectX
8: 2007-08-08 20:19:13 UTC - RP192 - Installed World in Conflict - BETA


-- First Restore Point --
1: 2007-08-07 03:41:52 UTC - RP185 - Järjestelmän tarkistuspiste


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3 GiB (less than 15%) free.


-- HijackThis (run as Wiljami.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:27, on 9.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\BitDefender plus v10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wiljami\Työpöytä\dss.exe
C:\DOCUME~1\Wiljami\OMATTI~1\Wiljami.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BDMCon] e:\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1182366219515
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3DMaX\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - E:\Nero Burning\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\BitDefender plus v10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 4819 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Wiljami\OMATTI~1\backups\) ------------

backup-20070807-145603-555 O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c003D7FD.dat
backup-20070807-145719-864 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
backup-20070807-145819-528 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
backup-20070807-145845-926 O23 - Service: Messagcr - Unknown owner - c:\temp\svchost.exe
backup-20070807-150406-102 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070807-150406-959 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070807-195207-274 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070807-195207-295 O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20070807-195309-194 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
backup-20070807-195354-697 O22 - SharedTaskScheduler: arouse - {c4da240e-7525-404a-b366-f50a422376d8} - (no file)
backup-20070807-195355-959 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20070807-195631-291 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20070808-073440-131 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070808-073440-828 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
backup-20070808-074139-241 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
backup-20070808-074638-357 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat
backup-20070808-075025-319 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006DAC4.dat

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 bdpredir - e:\bitdefender plus v10\bdpredir.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys
R3 NVR0Dev - c:\windows\nvoclock.sys

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 catchme - c:\docume~1\wiljami\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" Apple Computer, Inc.; Bonjour>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - e:\3dmax\mentalray\satellite\raysat_3dsmax9_32server.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe"
S3 NBService - e:\nero burning\nero 7\nero backitup\nbservice.exe
S4 Messagcr - c:\temp\svchost.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-24 15:01:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 00:27:42 0 d-------- C:\WINDOWS\pss
2007-08-08 23:02:09 0 d-------- C:\!KillBox
2007-08-08 23:00:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-07 20:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-07 18:21:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Grisoft
2007-08-07 15:19:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-07 13:41:18 3364 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 13:40:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-07 13:40:49 53248 --a------ C:\WINDOWS\system32\Process.exe http://www.beyondlogic.org; Command Line Process Utility>
2007-08-07 13:40:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 13:26:46 6006 --a------ C:\dnsbak.reg
2007-08-07 13:20:43 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2007-08-07 13:15:58 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Macromedia
2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-08-07 13:13:42 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-08-07 13:13:42 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-08-07 13:13:42 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
2007-08-07 13:13:42 626688 --a------ C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT
2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-08-07 13:13:42 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
2007-08-07 13:13:42 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-08-07 13:13:42 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
2007-08-07 13:13:42 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
2007-08-07 13:13:42 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2007-08-07 13:13:37 0 d--hs---- C:\WINDOWS\CSC
2007-08-07 12:59:22 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-08-07 12:52:32 0 d-------- C:\WINDOWS\system32\fi-fi
2007-08-07 12:50:51 0 d-------- C:\WINDOWS\network diagnostic
2007-08-07 12:20:21 0 --a------ C:\Documents and Settings\Wiljami\NULL
2007-08-04 23:23:10 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-02 23:06:18 0 d-------- C:\WINDOWS\Sun
2007-08-02 23:06:18 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Sun
2007-08-02 23:05:48 0 d-------- C:\Program Files\Java
2007-08-02 23:04:58 0 d-------- C:\Program Files\Common Files\Java
2007-07-29 14:37:21 52736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-28 01:00:36 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Command & Conquer 3 Tiberium Wars
2007-07-28 00:57:16 0 dr-h----- C:\Documents and Settings\Wiljami\Application Data\SecuROM
2007-07-25 08:50:23 0 d--hs---- C:\WINDOWS\ftpcache
2007-07-24 22:56:43 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-23 12:12:15 0 d-------- C:\Documents and Settings\All Users\Application Data\element5
2007-07-23 12:12:06 0 d-------- C:\Program Files\Common Files\element5 Shared
2007-07-22 22:47:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-22 18:35:38 0 d-------- C:\Program Files\MSXML 4.0
2007-07-22 11:27:17 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Ahead
2007-07-22 11:25:58 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-22 11:25:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-21 23:32:22 0 d-------- C:\Documents and Settings\Wiljami\Application Data\DivX
2007-07-21 23:22:51 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-21 23:22:51 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-21 21:15:51 0 d--h----- C:\WINDOWS\PIF
2007-07-21 12:58:47 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-21 12:58:21 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Bitdefender
2007-07-21 12:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-07-21 01:09:11 8576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
2007-07-21 00:52:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-07-21 00:50:22 0 d-------- C:\Program Files\Bonjour
2007-07-21 00:45:49 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-21 00:29:06 0 d-------- C:\Sälä
2007-07-21 00:28:19 0 d-------- C:\Kone
2007-07-21 00:27:54 0 d-------- C:\Pelit
2007-07-21 00:26:24 0 d-------- C:\2D-3D
2007-07-21 00:15:53 0 d-------- C:\FlexLm
2007-07-21 00:14:05 20032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS USB Security Device Driver>
2007-07-21 00:14:02 0 --a------ C:\WINDOWS\TempFile
2007-07-21 00:14:00 0 d-------- C:\WINDOWS\system32\RNBOSENT
2007-07-21 00:13:57 305152 --a------ C:\WINDOWS\IsUninst.exe
2007-07-21 00:13:54 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-07-21 00:13:54 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-07-21 00:13:53 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2007-07-21 00:13:17 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-07-20 17:44:53 0 dr-h----- C:\Documents and Settings\Wiljami\Recent
2007-07-20 17:41:05 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Downloaded Installations
2007-07-20 17:31:44 0 d-------- C:\Program Files\QuickTime
2007-07-20 17:31:38 0 d-------- C:\Program Files\Apple Software Update
2007-07-20 17:31:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-20 17:17:28 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-19 23:41:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-07-19 23:38:52 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-19 23:38:52 0 d-------- C:\Program Files\Autodesk
2007-07-19 14:55:51 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
2007-07-19 14:55:51 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
2007-07-18 23:38:04 4 --a------ C:\Documents and Settings\Wiljami\ini
2007-07-16 23:07:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-16 19:43:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Wings3D
2007-07-16 13:04:55 0 d-------- C:\WINDOWS\system32\appmgmt
2007-07-16 13:02:50 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Apple Computer
2007-07-16 13:02:18 1763 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-07-16 12:06:38 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-09 22:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 22:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 22:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 22:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 22:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 22:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-08-08 23:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 11:53:25 0 d-------- C:\Documents and Settings\Wiljami\Application Data\uTorrent
2007-08-06 11:13:22 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
2007-08-02 23:06:10 1277 --a------ C:\WINDOWS\mozver.dat
2007-08-02 23:04:58 0 d-------- C:\Program Files\Common Files
2007-07-22 15:03:58 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Adobe
2007-07-21 13:03:41 913408 --a------ C:\WINDOWS\system32\xreglib.dll
2007-07-21 12:53:59 0 d-------- C:\Program Files\NVIDIA Corporation
2007-07-21 00:50:21 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-19 23:38:42 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-07-19 23:38:42 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-16 18:46:57 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Macromedia
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-28 23:05:25 0 d-------- C:\Program Files\Messenger
2007-06-27 22:18:15 0 d-------- C:\Program Files\Movie Maker
2007-06-27 22:17:40 0 d-------- C:\Program Files\Windows NT
2007-06-22 17:29:06 0 d-------- C:\Program Files\ASUS
2007-06-21 22:15:27 0 d-------- C:\Documents and Settings\Wiljami\Application Data\WinRAR
2007-06-20 22:50:12 0 d-------- C:\Documents and Settings\Wiljami\Application Data\InstallShield
2007-06-20 22:01:01 0 d-------- C:\Program Files\Logitech
2007-06-20 22:01:01 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-20 22:00:55 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 21:57:05 0 d--h----- C:\Program Files\WindowsUpdate
2007-06-20 21:56:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 21:56:30 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Mozilla
2007-06-20 02:05:58 62 --ahs---- C:\Documents and Settings\Wiljami\Application Data\desktop.ini
2007-06-20 02:02:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-20 02:02:42 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-20 01:27:23 0 d-------- C:\Program Files\Realtek
2007-06-20 01:13:13 0 d-------- C:\Documents and Settings\Wiljami\Application Data\Identities
2007-06-20 01:10:41 0 d-------- C:\Program Files\microsoft frontpage
2007-06-20 01:10:29 0 -rahs---- C:\MSDOS.SYS
2007-06-20 01:10:29 0 -rahs---- C:\IO.SYS
2007-06-20 01:10:29 0 --a------ C:\CONFIG.SYS
2007-06-20 01:10:29 0 --a------ C:\AUTOEXEC.BAT
2007-06-20 01:09:17 0 d-------- C:\Program Files\Common Files\MSSoap
2007-06-20 01:08:49 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 01:08:46 0 d-------- C:\Program Files\Online Services
2007-06-20 01:08:41 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [31.10.2006 07:27]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30.10.2006 15:44]
"Logitech Utility"="Logi_MwX.Exe" [11.12.2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"BDMCon"="e:\BITDEF~1\bdmcon.exe" [21.07.2007 13:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29.06.2007 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 02:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
"E:\BitDefender plus v10\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\System32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-08-09 at 17:19:48 ---------



Deckard's System Scanner v20070807.62
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2046.48 MiB / 1649.86 MiB
Pagefile Memory (total/avail): 3942.18 MiB / 3646.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1961.06 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 75.13 GiB total, 3 GiB free.
D: is Fixed (NTFS) - 136.72 GiB total, 97.43 GiB free.
E: is Fixed (NTFS) - 195.32 GiB total, 95.63 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 58.59 GiB total, 58.52 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Bitdefender Firewall v8.0 (Softwin)
AV: Bitdefender Antivirus v8.0 (Softwin) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\Utorrent\\utorrent.exe"="E:\\Utorrent\\utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wiljami\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BANAANI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wiljami
LOGONSERVER=\\BANAANI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;E:\Maya3D 8.5\bin;E:\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wiljami\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wiljami\LOCALS~1\Temp
USERDOMAIN=BANAANI
USERNAME=Wiljami
USERPROFILE=C:\Documents and Settings\Wiljami
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Wiljami (admin)
Järjestelmänvalvoja (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> E:\Nero Burning\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
517142 - ZBrush (Windows) (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASUS Probe V2.25.02 --> C:\WINDOWS\uninst.exe -fd:\Probe2\DeIsL1.isu -c"d:\Probe2\probunis.dll"
µTorrent --> "E:\Utorrent\uninstall.exe"
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BitDefender Antivirus Plus v10 --> MsiExec.exe /I{F9FFD19E-B9BA-4C0C-B088-A385F9E9A15B}
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
DivX Codec --> E:\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> E:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> E:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Genesis Rising --> "D:\Genesis Rising\unins000.exe"
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Wiljami\Omat tiedostot\HijackThis.exe" /uninstall
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Logitech MouseWare 9.80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0xb -l000b UNINSTALL
Lost Planet Extreme Condition --> MsiExec.exe /I{AD281A87-2AD3-4CEB-AF85-468FD84698D8}
Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31035}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1035
Overlord --> C:\Program Files\InstallShield Installation Information\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}\Setup.exe -runfromtemp -l0x0009 -removeonly
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0xb -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) -->
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Sword of the Stars --> D:\Sword of the Stars\Uninstall.exe
Video ActiveX Solution 1.15 --> C:\Program Files\Video ActiveX Access\uninst.exe
Wings 3D 0.98.36 --> E:\wings3d_0.98.36\Uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Documents and Settings\Wiljami\Työpöytä\VobSub\uninstall.exe"
ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}


-- Application Event Log -------------------------------------------------------

Event ID #675: Error
Event Submitted/Written: 08/09/2007 05:15:37 PM
Event Source: RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

Event ID #670: Error
Event Submitted/Written: 08/09/2007 00:17:53 AM
Event Source: RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

Event ID #664: Error
Event Submitted/Written: 08/08/2007 11:35:56 PM
Event Source: RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)

Event ID #661: Error
Event Submitted/Written: 08/08/2007 11:27:31 PM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus wic.exe, versio 0.9.0.0, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Event ID #658: Error
Event Submitted/Written: 08/08/2007 11:05:56 PM
Event Source: RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: Pyydetty nimi on kelvollinen ja löytyi tietokannasta, mutta siihen ei ole yhdistetty haettavia tietoja (0x2afc)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #3313: Error
Event Submitted/Written: 08/09/2007 05:15:38 PM
Event Source: Service Control Manager
Event Description:
Palvelua DS1410D ei voi käynnistää. Virhekoodi on
%%2

Event ID #3289: Error
Event Submitted/Written: 08/09/2007 00:18:15 AM
Event Source: Service Control Manager
Event Description:
Palvelua DS1410D ei voi käynnistää. Virhekoodi on
%%2

Event ID #3267: Error
Event Submitted/Written: 08/08/2007 11:35:59 PM
Event Source: Service Control Manager
Event Description:
Palvelua DS1410D ei voi käynnistää. Virhekoodi on
%%2

Event ID #3243: Error
Event Submitted/Written: 08/08/2007 11:06:01 PM
Event Source: Service Control Manager
Event Description:
Palvelua DS1410D ei voi käynnistää. Virhekoodi on
%%2

Event ID #3211: Error
Event Submitted/Written: 08/08/2007 10:58:25 PM
Event Source: Service Control Manager
Event Description:
Palvelua DS1410D ei voi käynnistää. Virhekoodi on
%%2



-- End of Deckard's System Scanner: finished at 2007-08-09 at 17:19:48 ---------






Hello World!
Helper
Suspended permanently
9 August 2007 @ 13:34
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into safe mode and select your normal user account:

* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* Next, a menu should appear
* Select safe mode from the menu.


* Create a folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup has been completed, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread



Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude towards malware fighters)
How to send HijackThis log (step 3-5) / Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
Wiljami
Junior Member
9 August 2007 @ 18:25
Here it is


SDFix: Version 1.97

Run by Wiljami on to 09.08.2007 at 22:16

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\Utorrent\\utorrent.exe"="E:\\Utorrent\\utorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:


Finished


Hello World!
Helper
Suspended permanently
9 August 2007 @ 20:49
Stay clean

-> Clear System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans the restore folder of possible malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing itself on your computer. It uses no memory!
Guide available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer's connections to harmful sites.
Guide available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program.
eScan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the Communications Regulatory Authority's (Viestintävirasto) information on new vulnerabilities -> CERT-FI

If you run into problems with malware in the future, don't hesitate to post a HijackThis log to be checked!

Wiljami
Junior Member
10 August 2007 @ 12:07
Thank you very much for the help! It's clean now.

Could you also help me remove that Mafia game's folder, since I can't get it removed.

It is located at
C:\Program Files\Mafia

I have already uninstalled the game but that folder just won't go away. It also shows up in the Start menu programs, but from there you can't interact with it at all, i.e. the right mouse button doesn't open a menu.

On the folder itself I can open the menu, but nothing can actually be done to it. I have run a hard disk check and there were no problems there. When I try to delete it, Windows only says "Ei voi poistaa tiedosto: lähdetiedostosta tai levyltä ei voi lukea." ("Cannot delete file: Cannot read from the source file or disk.")

Thanks again for the help.

Hello World!
Helper
Suspended permanently
10 August 2007 @ 12:20
Open Notepad and copy/paste the text in the quote box below into it:

Quote:

Folder::
C:\Program Files\Mafia


Save it with the name CFScript (check that it is written exactly like that)

Then drag CFScript onto ComboFix.exe as shown below.


Restart the computer when prompted and post the contents of the combofix.txt file here.

Wiljami
Junior Member
10 August 2007 @ 18:08
It didn't ask me to restart?!?

Should the .txt stay in the file name or not? I tried it both ways but nothing special happened. The Mafia folder is still in place too. But here is the log anyway

ComboFix 07-08-09.3 - "Wiljami" 2007-08-10 22:00:43.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1547 [GMT 3:00]
Command switches used :: C:\Documents and Settings\Wiljami\Ty?p?yt?\CFScript
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 01:05 d--hs---- C:\$RECYCLE.BIN
2007-08-10 00:38 d--hs---- C:\Boot
2007-08-09 22:16 d-------- C:\WINDOWS\ERUNT
2007-08-09 17:17 d-------- C:\Deckard
2007-08-09 00:27 d-------- C:\WINDOWS\pss
2007-08-08 23:21 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-08 23:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-08 23:21 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-08 23:02 d-------- C:\!KillBox
2007-08-07 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 20:19 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 18:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-07 13:41 3,364 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 13:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-07 13:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 13:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-07 13:26 6,006 --a------ C:\dnsbak.reg
2007-08-07 13:20 dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
2007-08-07 13:13 626,688 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 13:13 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 13:13 d--hs---- C:\WINDOWS\CSC
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 13:13 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 13:13 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 12:59 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-08-07 12:52 d-------- C:\WINDOWS\system32\fi-fi
2007-08-07 12:50 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-07 12:50 d-------- C:\WINDOWS\network diagnostic
2007-08-04 23:23 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-02 18:39 C:\WINDOWS\Mafia
2007-08-02 18:39 C:\Program Files\Mafia
2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-28 01:00 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-07-28 00:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-28 00:57 dr-h----- C:\DOCUME~1\Wiljami\APPLIC~1\SecuROM
2007-07-25 22:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-25 22:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-25 22:02 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-25 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-25 08:50 d--hs---- C:\WINDOWS\ftpcache
2007-07-24 22:56 d-------- C:\Program Files\Common Files\DirectX
2007-07-24 22:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-24 22:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-24 22:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-23 12:12 d-------- C:\Program Files\Common Files\element5 Shared
2007-07-23 12:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
2007-07-22 22:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-22 18:35 d-------- C:\Program Files\MSXML 4.0
2007-07-22 11:27 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Ahead
2007-07-22 11:25 d-------- C:\Program Files\Common Files\Ahead
2007-07-22 11:25 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-21 23:32 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\DivX
2007-07-21 23:31 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-21 23:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-21 23:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-21 23:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-21 23:31 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-21 23:31 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-21 23:22 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-07-21 23:22 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-07-21 21:15 d--h----- C:\WINDOWS\PIF
2007-07-21 12:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-21 12:58 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Bitdefender
2007-07-21 12:56 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-21 01:09 8,576 --a------ C:\WINDOWS\system32\drivers\ewwgyccycpsb.sys
2007-07-21 00:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-21 00:50 d-------- C:\Program Files\Bonjour
2007-07-21 00:45 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-21 00:29 d-------- C:\S?l?
2007-07-21 00:28 d-------- C:\Kone
2007-07-21 00:27 d-------- C:\Pelit
2007-07-21 00:26 d-------- C:\2D-3D
2007-07-21 00:15 d-------- C:\FlexLm
2007-07-21 00:14 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2007-07-21 00:14 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2007-07-21 00:14 d-------- C:\WINDOWS\system32\RNBOSENT
2007-07-21 00:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-07-21 00:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2007-07-21 00:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-07-21 00:13 305,152 --a------ C:\WINDOWS\IsUninst.exe
2007-07-21 00:13 d-------- C:\Program Files\Common Files\Alias Shared
2007-07-20 17:41 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Downloaded Installations
2007-07-20 17:31 d-------- C:\Program Files\QuickTime
2007-07-20 17:31 d-------- C:\Program Files\Apple Software Update
2007-07-20 17:31 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 17:17 d-------- C:\WINDOWS\system32\LogFiles
2007-07-19 23:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-19 23:38 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-19 23:38 d-------- C:\Program Files\Autodesk
2007-07-19 14:55 39 --a------ C:\WINDOWS\TDEVXCW60.DLL
2007-07-19 14:55 39 --a------ C:\WINDOWS\system32\TEVPXCW60.DLL
2007-07-16 23:07 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-16 19:43 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Wings3D
2007-07-16 13:04 d-------- C:\WINDOWS\system32\appmgmt
2007-07-16 13:02 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Apple Computer
2007-07-16 12:06 d-------- C:\WINDOWS\Downloaded Installations


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 16:32 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\uTorrent
2007-08-08 23:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-07 10:53 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-08-07 10:53 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-08-06 11:13 8704 --a-s---- C:\WINDOWS\system32\eigbbb.dll
2007-08-02 23:06 1277 --a------ C:\WINDOWS\mozver.dat
2007-07-21 13:03 913408 --a------ C:\WINDOWS\system32\xreglib.dll
2007-07-21 12:53 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-07-19 23:38 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-19 23:38 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-07-09 22:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 22:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 22:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 22:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 22:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 22:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 22:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 22:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 22:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 22:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 22:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 22:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 22:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 22:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-28 23:05 --------- d-------- C:\Program Files\Messenger
2007-06-27 22:18 --------- d-------- C:\Program Files\Movie Maker
2007-06-27 22:17 --------- d-------- C:\Program Files\Windows NT
2007-06-22 17:29 --------- d-------- C:\Program Files\ASUS
2007-06-21 22:15 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\WinRAR
2007-06-20 22:50 --------- d-------- C:\DOCUME~1\Wiljami\APPLIC~1\InstallShield
2007-06-20 22:01 --------- d-------- C:\Program Files\Logitech
2007-06-20 22:01 --------- d-------- C:\Program Files\Common Files\Logitech
2007-06-20 22:00 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-20 21:57 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-20 21:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-20 02:02 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-20 01:27 --------- d-------- C:\Program Files\Realtek
2007-06-20 01:10 0 -rahs---- C:\MSDOS.SYS
2007-06-20 01:10 0 -rahs---- C:\IO.SYS
2007-06-20 01:10 0 --a------ C:\CONFIG.SYS
2007-06-20 01:10 0 --a------ C:\AUTOEXEC.BAT
2007-06-20 01:10 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-20 01:09 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-20 01:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 01:08 --------- d-------- C:\Program Files\Online Services
2007-06-20 01:08 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 07:27]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"BDMCon"="e:\BITDEF~1\bdmcon.exe" [2007-07-21 13:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
"E:\BitDefender plus v10\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\System32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
S4 Messagcr;Messagcr;c:\temp\svchost.exe


Contents of the 'Scheduled Tasks' folder
2007-07-24 12:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 22:01:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Driver]
"ImagePath"="\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Guard]
"ImagePath"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AvgAsCln]
"ImagePath"="System32\DRIVERS\AvgAsCln.sys"

Completion time: 2007-08-10 22:01:26
C:\ComboFix2.txt ... 2007-08-10 21:52
C:\ComboFix3.txt ... 2007-08-07 22:52

--- E O F ---


Hello World!
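The service and driver lines in the ComboFix log above can be triaged mechanically. The following is an added example, not part of the original post or of ComboFix; it assumes the leading letter means running/stopped and the digit is the service Start value, and the directory and process-name lists are illustrative assumptions.

```python
import ntpath
import re

# Service/driver lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S4 Messagcr;Messagcr;c:\temp\svchost.exe
"""
# Assumption: R/S = running/stopped, digit = service Start value (0 boot .. 4 disabled).
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
START = ("boot", "system", "auto", "manual", "disabled")
SYSTEM32 = r"c:\windows\system32"
# Assumption: directories where a service image is normally expected.
EXPECTED = (SYSTEM32, r"c:\program files")
# Assumption: a short list of commonly impersonated Windows process names.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

def parse(line):
    """Split one 'R0 name;display;path' line into a dict, or return None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path = m.groups()
    if path.startswith("\\??\\"):  # strip the NT object-path prefix
        path = path[4:]
    return {"running": state == "R", "start": START[int(start)],
            "name": name, "display": display,
            "path": ntpath.normpath(path).lower()}

def under(folder, root):
    return folder == root or folder.startswith(root + "\\")

def findings(entry):
    """Return the reasons this entry deserves a manual look (may be empty)."""
    folder, base = ntpath.split(entry["path"])
    notes = []
    if not any(under(folder, root) for root in EXPECTED):
        notes.append("image outside System32 and Program Files")
    if base in SYSTEM_NAMES and not under(folder, SYSTEM32):
        notes.append("system process name outside System32")
    return notes

def triage(text):
    entries = filter(None, map(parse, text.splitlines()))
    return {e["name"]: n for e in entries if (n := findings(e))}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An entry being listed means it deserves inspection, not that it is malicious.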
Auttaja
Suspended permanently
10 August 2007 @ 18:14
Boot the computer into Safe Mode:

and then try deleting the folder?


Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) | Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
Wiljami
Junior Member
10 August 2007 @ 18:48
Yeah, I've tried Safe Mode but it doesn't help. By the way, I noticed that the Windows folder also had a Mafia folder containing uninstal.exe, which could be deleted, but the folder could not. Then I also noticed that in the log

2007-08-07 12:50 d-------- C:\WINDOWS\network diagnostic
2007-08-04 23:23 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-02 18:39 C:\WINDOWS\Mafia
2007-08-02 18:39 C:\Program Files\Mafia
2007-07-29 14:37 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-07-28 01:00 d-------- C:\DOCUME~1\Wiljami\APPLIC~1\Command & Conquer 3 Tiberium Wars

those Mafia lines don't have the same kind of stuff in front as the other lines, i.e. the d------ blah blah blah part. Does that mean something?


Auttaja
Suspended permanently
10 August 2007 @ 18:58
I'd guess it means that the files are damaged in some way so that they can't be read...

Wiljami
Junior Member
10 August 2007 @ 19:01
I also tried deleting it with Killbox, but I get this message:

"PendingFileRenameOperations Registry Data has been Removed by External Process!"

What does this mean?

Strange that it can't be deleted.

Wiljami
Junior Member
10 August 2007 @ 19:05
You can put files into the folders, use them and delete them from there, but you can't delete the folder itself.. really odd.

Auttaja
Suspended permanently
10 August 2007 @ 19:08
Create a startup list

* Open HiJackThis
* Click the "Configure" option at the bottom right
* Click "Misc Tools"
* Tick the 2 boxes next to the box that says "Generate StartupList log"
* Click the "Generate StartupList log" option
* Copy and paste your startup list from Notepad into your post
