|
Ponnahdusikkunat...
|
|
|
salaba
Suspended due to non-functional email address
|
9. marraskuuta 2008 @ 14:57 |
Linkki tähän viestiin
|
Morjens!
Olis sellast asiaa et mikäköhän auttas ku netti heittelee ponnahdusikkunoita vähän väliä, vaikka ponnahdusikkunoiden esto päällä.
HJT-logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:59, on 9.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\Grey bind.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-TJHL1.exe" /REG
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Tickonline] C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\titlethird.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.nelonen.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGener...loader_fika.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1202207984875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1202208096359
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9252 bytes
|
AfterDawn Addict
|
9. marraskuuta 2008 @ 21:27 |
Linkki tähän viestiin
|
En tunnistanut palomuuria koneeltasi.
Asennukset on syytä tehdä Järjestelmänvalvojan tunnuksilla
Asenna koneellesi YKSI palomuuriohjelma NYT:
1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
Jos käytät sisäänrakennettua Windowsin palomuuria, se ei ole suositeltua sillä se ei estä koneelta ulosmeneviä yhteyksiä.
Muista käyttää vain yhtä palomuuria kerrallaan.
----------------------------------------------------------------
Lataa Lop S&D TÄÄLTÄ
Irroita nettipiuha seinästä siksi aikaa.
On suositeltavaa ottaa virustorjunnan reaaliaikainen tarkistus pois päältä
ettei se häiritse Lop S&D:n toimintaa; voit laittaa sen
takaisin päälle tarkistuksen jälkeen
Lataa Lop S&D TÄÄLTÄ
Tuplaklikkaa Lop S&D.exeä
Valitse Suomi kieleksi painamalla U ja Enter.
Tämän jälkeen valitse Optio 1 (Etsi) painamalla 1 ja Enter
Odota, kunnes tarkistus on valmis
Loki avautuu muistioon. Lähetä se seuraavassa viestissäsi. Se löytyy myös sijainnista
Lähetä C:\lopR.txt ja HJT logi
.
(:)
|
|
salaba
Suspended due to non-functional email address
|
14. marraskuuta 2008 @ 19:17 |
Linkki tähän viestiin
|
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : BIOS Date: 09/06/05 20:25:26 Ver: 08.00.09
USER : Omistaja ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081114-0] 4.8.1229 (Not Activated)
Firewall : (Not Activated)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:47 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:32 Go)
E:\ (Local Disk) - NTFS - Total:69 Go (Free:41 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)
M:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( pe 14.11.2008|19:13 )
--------------------\\ Listaa hakemistoja sijainnissa APPLIC~1
[24.02.2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07.06.2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07.06.2008|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05.02.2008|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
[23.07.2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodata Limited
[21.05.2008|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[21.03.2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
[03.03.2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[03.03.2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[04.10.2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23.03.2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[21.03.2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[10.11.2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
[02.08.2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11.06.2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22.03.2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31.07.2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[31.07.2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[21.03.2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[19.06.2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[07.06.2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05.02.2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05.02.2008|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07.08.2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
[0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
[26|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana
[05.02.2008|11:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana
[21.03.2008|20:20] C:\DOCUME~1\JRJEST~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua vapaana
[25.03.2008|19:21] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Grisoft
[21.05.2008|17:03] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua
[4|kansio(ta)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua vapaana
[10.06.2008|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[21.05.2008|17:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
[4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana
[21.05.2008|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana
[24.02.2008|19:19] C:\DOCUME~1\Omistaja\APPLIC~1\Adobe
[24.02.2008|14:16] C:\DOCUME~1\Omistaja\APPLIC~1\AdobeUM
[09.06.2008|11:07] C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
[16.05.2008|21:31] C:\DOCUME~1\Omistaja\APPLIC~1\AVGTOOLBAR
[27.10.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
[16.05.2008|19:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer
[11.03.2008|11:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
[05.02.2008|22:39] C:\DOCUME~1\Omistaja\APPLIC~1\Comodo
[14.11.2008|19:10] C:\DOCUME~1\Omistaja\APPLIC~1\DNA
[05.02.2008|12:58] C:\DOCUME~1\Omistaja\APPLIC~1\F-Secure
[04.10.2008|15:48] C:\DOCUME~1\Omistaja\APPLIC~1\Google
[10.11.2008|17:05] C:\DOCUME~1\Omistaja\APPLIC~1\GreyRealHold
[23.03.2008|23:25] C:\DOCUME~1\Omistaja\APPLIC~1\Grisoft
[05.02.2008|11:43] C:\DOCUME~1\Omistaja\APPLIC~1\Help
[05.02.2008|11:09] C:\DOCUME~1\Omistaja\APPLIC~1\Identities
[05.02.2008|11:53] C:\DOCUME~1\Omistaja\APPLIC~1\ispnews
[05.02.2008|13:02] C:\DOCUME~1\Omistaja\APPLIC~1\Macromedia
[11.06.2008|15:36] C:\DOCUME~1\Omistaja\APPLIC~1\Malwarebytes
[05.02.2008|18:37] C:\DOCUME~1\Omistaja\APPLIC~1\Media Player Classic
[21.05.2008|17:03] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft
[10.02.2008|14:34] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft Web Folders
[24.05.2008|23:38] C:\DOCUME~1\Omistaja\APPLIC~1\Mozilla
[31.07.2008|22:00] C:\DOCUME~1\Omistaja\APPLIC~1\NCH Swift Sound
[05.03.2008|21:46] C:\DOCUME~1\Omistaja\APPLIC~1\Netscape
[25.02.2008|13:27] C:\DOCUME~1\Omistaja\APPLIC~1\News to Screen
[19.04.2008|14:00] C:\DOCUME~1\Omistaja\APPLIC~1\Sun
[31.07.2008|21:23] C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent
[09.06.2008|21:20] C:\DOCUME~1\Omistaja\APPLIC~1\WinRAR
[07.08.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\ZoomBrowser EX
[0|tiedosto(a)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua
[31|kansio(ta)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks
[07.06.2008 20:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14.11.2008 18:43][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[14.11.2008 18:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[16.09.2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[08.07.2008|15:54] C:\Program Files\Adobe
[07.10.2008|17:36] C:\Program Files\Alwil Software
[05.02.2008|11:26] C:\Program Files\AMD
[07.06.2008|20:32] C:\Program Files\Apple Software Update
[05.02.2008|11:30] C:\Program Files\ASUS
[05.02.2008|11:41] C:\Program Files\ATI Multimedia
[07.10.2008|17:34] C:\Program Files\avast
[03.03.2008|23:37] C:\Program Files\BAANA TIETOTURVA
[01.08.2008|12:57] C:\Program Files\BitTorrent
[22.02.2008|16:06] C:\Program Files\Canon
[05.02.2008|15:23] C:\Program Files\CCleaner
[02.08.2008|14:56] C:\Program Files\Common Files
[05.02.2008|15:38] C:\Program Files\CONEXANT
[18.05.2008|18:22] C:\Program Files\DC++
[27.10.2008|21:22] C:\Program Files\DNA
[23.07.2008|16:28] C:\Program Files\D-Tools
[14.11.2008|19:03] C:\Program Files\Dz++
[04.10.2008|15:45] C:\Program Files\Google
[23.03.2008|23:25] C:\Program Files\Grisoft
[16.05.2008|17:36] C:\Program Files\InstallShield Installation Information
[14.10.2008|23:22] C:\Program Files\Internet Explorer
[09.10.2008|21:02] C:\Program Files\Java
[02.08.2008|14:57] C:\Program Files\Lavasoft
[09.11.2008|15:00] C:\Program Files\Malwarebytes' Anti-Malware
[04.11.2008|21:34] C:\Program Files\mediaplayer classic
[17.08.2008|22:23] C:\Program Files\Messenger
[21.05.2008|17:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10.02.2008|14:34] C:\Program Files\microsoft frontpage
[10.02.2008|14:34] C:\Program Files\Microsoft Office
[21.10.2008|13:44] C:\Program Files\Microsoft Silverlight
[10.02.2008|14:36] C:\Program Files\Microsoft Visual Studio
[16.05.2008|22:04] C:\Program Files\Movie Maker
[16.05.2008|17:16] C:\Program Files\mozilla
[08.11.2008|17:54] C:\Program Files\Mozilla Firefox
[05.02.2008|15:52] C:\Program Files\MSBuild
[05.02.2008|14:05] C:\Program Files\MSI
[05.02.2008|11:04] C:\Program Files\MSN
[05.02.2008|11:04] C:\Program Files\MSN Gaming Zone
[05.02.2008|16:22] C:\Program Files\MSXML 6.0
[31.07.2008|22:00] C:\Program Files\NCH Software
[31.07.2008|22:01] C:\Program Files\NCH Swift Sound
[16.05.2008|21:59] C:\Program Files\NetMeeting
[21.03.2008|20:21] C:\Program Files\Netscape
[07.06.2008|20:12] C:\Program Files\Norton AntiVirus
[05.02.2008|11:33] C:\Program Files\NVIDIA Corporation
[16.05.2008|21:59] C:\Program Files\Outlook Express
[07.06.2008|20:33] C:\Program Files\QuickTime
[05.02.2008|15:49] C:\Program Files\Reference Assemblies
[14.11.2008|19:09] C:\Program Files\Sunbelt Software
[21.03.2008|20:29] C:\Program Files\Trend Micro
[05.02.2008|11:39] C:\Program Files\Uninstall Information
[01.08.2008|10:29] C:\Program Files\uTorrent
[05.02.2008|17:38] C:\Program Files\Webteh
[22.03.2008|09:59] C:\Program Files\Windows Defender
[05.02.2008|14:49] C:\Program Files\Windows Live
[05.02.2008|11:40] C:\Program Files\Windows Media Components
[05.02.2008|15:47] C:\Program Files\Windows Media Connect 2
[16.05.2008|21:59] C:\Program Files\Windows Media Player
[16.05.2008|21:59] C:\Program Files\Windows NT
[05.02.2008|11:04] C:\Program Files\WindowsUpdate
[09.06.2008|21:19] C:\Program Files\WinRAR
[05.02.2008|11:06] C:\Program Files\xerox
[05.02.2008|18:11] C:\Program Files\XP Codec Pack
[0|tiedosto(a)] C:\Program Files\tavua
[65|kansio(ta)] C:\Program Files\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files
[24.02.2008|14:23] C:\Program Files\Common Files\Adobe
[16.05.2008|17:36] C:\Program Files\Common Files\ATI
[23.07.2008|20:20] C:\Program Files\Common Files\Autodata Limited Shared
[22.02.2008|16:05] C:\Program Files\Common Files\Canon
[05.02.2008|11:38] C:\Program Files\Common Files\CyberLink
[10.02.2008|14:36] C:\Program Files\Common Files\Designer
[05.02.2008|11:30] C:\Program Files\Common Files\InstallShield
[11.06.2008|15:22] C:\Program Files\Common Files\Java
[16.05.2008|17:47] C:\Program Files\Common Files\Microsoft Shared
[05.02.2008|11:05] C:\Program Files\Common Files\MSSoap
[14.11.2008|15:20] C:\Program Files\Common Files\Nero
[05.02.2008|11:00] C:\Program Files\Common Files\ODBC
[16.05.2008|19:10] C:\Program Files\Common Files\Panda Software
[05.02.2008|11:05] C:\Program Files\Common Files\Services
[05.02.2008|11:00] C:\Program Files\Common Files\SpeechEngines
[07.06.2008|20:12] C:\Program Files\Common Files\Symantec Shared
[16.05.2008|21:59] C:\Program Files\Common Files\System
[05.02.2008|14:49] C:\Program Files\Common Files\WindowsLiveInstaller
[02.08.2008|14:56] C:\Program Files\Common Files\Wise Installation Wizard
[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana
--------------------\\ Process
( 44 Processes )
IEXPLORE.EXE ~ [PID:276]
--------------------\\ Etsii S_Lopilla
C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1
C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\tpmldegf.exe
--------------------\\ Etsii Lopin tiedostoja ja kansioita
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
--------------------\\ Etsii rekisterikohteita
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProcSurfFirst]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Omistaja\\APPLIC~1\\GREYRE~1\\titlethird.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Tarkistaa Hosts-tiedostoa
Hosts-tiedosto PUHDAS
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 19:14:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 10
--------------------\\ Tarkistaa muita infektioita
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Omistaja\Application Data\uTorrent\Autodata v3.18 2CD's + Crack.torrent
[F:3][D:3]-> C:\DOCUME~1\Omistaja\LOCALS~1\Temp
[F:14][D:0]-> C:\DOCUME~1\Omistaja\Cookies
[F:286][D:4]-> C:\DOCUME~1\Omistaja\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - pe 14.11.2008|19:14 - Option : [1]
--------------------\\ Tarkistus valmistui 19:14:52
|
AfterDawn Addict
|
14. marraskuuta 2008 @ 20:52 |
Linkki tähän viestiin
|
|
b]Käynnistä Lop S&D[/b]
Valitse Optio 3 (Korjaa - Hosts) painamalla 3 ja Enter
ÄLÄ sulje ikkunaa korjauksen aikana!
Loki avautuu muistioon. Lähetä se seuraavassa viestissäsi. Se löytyy myös sijainnista C:\lopR.txt
Lähetä lopR.txt logi ja HJT:N logi
.
(:)
|
|
salaba
Suspended due to non-functional email address
|
16. marraskuuta 2008 @ 00:36 |
Linkki tähän viestiin
|
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : BIOS Date: 09/06/05 20:25:26 Ver: 08.00.09
USER : Omistaja ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081115-0] 4.8.1229 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:47 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:32 Go)
E:\ (Local Disk) - NTFS - Total:69 Go (Free:41 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD)
L:\ (CD or DVD)
M:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( su 16.11.2008| 0:23 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa
Poistettu! - C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1\tpmldegf.exe
Poistettu! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Jump Poll Poke Mp3
Poistettu! - C:\DOCUME~1\Omistaja\APPLIC~1\GREYRE~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listaa hakemistoja sijainnissa APPLIC~1
[24.02.2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07.06.2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07.06.2008|20:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05.02.2008|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
[23.07.2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodata Limited
[21.05.2008|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[21.03.2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
[03.03.2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[03.03.2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[04.10.2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[23.03.2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[21.03.2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
[02.08.2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11.06.2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22.03.2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31.07.2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[31.07.2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[21.03.2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
[19.06.2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[07.06.2008|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05.02.2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05.02.2008|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07.08.2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
[0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
[25|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana
[05.02.2008|11:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana
[21.03.2008|20:20] C:\DOCUME~1\JRJEST~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\JRJEST~1\APPLIC~1\tavua vapaana
[25.03.2008|19:21] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Grisoft
[21.05.2008|17:03] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua
[4|kansio(ta)] C:\DOCUME~1\JRJEST~1.JAN\APPLIC~1\tavua vapaana
[10.06.2008|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[21.05.2008|17:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
[4|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana
[21.05.2008|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana
[24.02.2008|19:19] C:\DOCUME~1\Omistaja\APPLIC~1\Adobe
[24.02.2008|14:16] C:\DOCUME~1\Omistaja\APPLIC~1\AdobeUM
[09.06.2008|11:07] C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
[16.05.2008|21:31] C:\DOCUME~1\Omistaja\APPLIC~1\AVGTOOLBAR
[27.10.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
[16.05.2008|19:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer
[11.03.2008|11:23] C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
[05.02.2008|22:39] C:\DOCUME~1\Omistaja\APPLIC~1\Comodo
[16.11.2008|00:18] C:\DOCUME~1\Omistaja\APPLIC~1\DNA
[05.02.2008|12:58] C:\DOCUME~1\Omistaja\APPLIC~1\F-Secure
[04.10.2008|15:48] C:\DOCUME~1\Omistaja\APPLIC~1\Google
[23.03.2008|23:25] C:\DOCUME~1\Omistaja\APPLIC~1\Grisoft
[05.02.2008|11:43] C:\DOCUME~1\Omistaja\APPLIC~1\Help
[05.02.2008|11:09] C:\DOCUME~1\Omistaja\APPLIC~1\Identities
[05.02.2008|11:53] C:\DOCUME~1\Omistaja\APPLIC~1\ispnews
[05.02.2008|13:02] C:\DOCUME~1\Omistaja\APPLIC~1\Macromedia
[11.06.2008|15:36] C:\DOCUME~1\Omistaja\APPLIC~1\Malwarebytes
[05.02.2008|18:37] C:\DOCUME~1\Omistaja\APPLIC~1\Media Player Classic
[21.05.2008|17:03] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft
[10.02.2008|14:34] C:\DOCUME~1\Omistaja\APPLIC~1\Microsoft Web Folders
[24.05.2008|23:38] C:\DOCUME~1\Omistaja\APPLIC~1\Mozilla
[31.07.2008|22:00] C:\DOCUME~1\Omistaja\APPLIC~1\NCH Swift Sound
[05.03.2008|21:46] C:\DOCUME~1\Omistaja\APPLIC~1\Netscape
[25.02.2008|13:27] C:\DOCUME~1\Omistaja\APPLIC~1\News to Screen
[19.04.2008|14:00] C:\DOCUME~1\Omistaja\APPLIC~1\Sun
[31.07.2008|21:23] C:\DOCUME~1\Omistaja\APPLIC~1\uTorrent
[09.06.2008|21:20] C:\DOCUME~1\Omistaja\APPLIC~1\WinRAR
[07.08.2008|22:38] C:\DOCUME~1\Omistaja\APPLIC~1\ZoomBrowser EX
[0|tiedosto(a)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua
[30|kansio(ta)] C:\DOCUME~1\Omistaja\APPLIC~1\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks
[07.06.2008 20:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15.11.2008 23:51][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[15.11.2008 23:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[16.09.2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[08.07.2008|15:54] C:\Program Files\Adobe
[07.10.2008|17:36] C:\Program Files\Alwil Software
[05.02.2008|11:26] C:\Program Files\AMD
[07.06.2008|20:32] C:\Program Files\Apple Software Update
[05.02.2008|11:30] C:\Program Files\ASUS
[05.02.2008|11:41] C:\Program Files\ATI Multimedia
[07.10.2008|17:34] C:\Program Files\avast
[03.03.2008|23:37] C:\Program Files\BAANA TIETOTURVA
[01.08.2008|12:57] C:\Program Files\BitTorrent
[22.02.2008|16:06] C:\Program Files\Canon
[05.02.2008|15:23] C:\Program Files\CCleaner
[02.08.2008|14:56] C:\Program Files\Common Files
[05.02.2008|15:38] C:\Program Files\CONEXANT
[18.05.2008|18:22] C:\Program Files\DC++
[27.10.2008|21:22] C:\Program Files\DNA
[23.07.2008|16:28] C:\Program Files\D-Tools
[16.11.2008|00:08] C:\Program Files\Dz++
[04.10.2008|15:45] C:\Program Files\Google
[23.03.2008|23:25] C:\Program Files\Grisoft
[16.05.2008|17:36] C:\Program Files\InstallShield Installation Information
[14.10.2008|23:22] C:\Program Files\Internet Explorer
[09.10.2008|21:02] C:\Program Files\Java
[02.08.2008|14:57] C:\Program Files\Lavasoft
[09.11.2008|15:00] C:\Program Files\Malwarebytes' Anti-Malware
[04.11.2008|21:34] C:\Program Files\mediaplayer classic
[17.08.2008|22:23] C:\Program Files\Messenger
[21.05.2008|17:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10.02.2008|14:34] C:\Program Files\microsoft frontpage
[10.02.2008|14:34] C:\Program Files\Microsoft Office
[21.10.2008|13:44] C:\Program Files\Microsoft Silverlight
[10.02.2008|14:36] C:\Program Files\Microsoft Visual Studio
[16.05.2008|22:04] C:\Program Files\Movie Maker
[16.05.2008|17:16] C:\Program Files\mozilla
[16.11.2008|00:12] C:\Program Files\Mozilla Firefox
[05.02.2008|15:52] C:\Program Files\MSBuild
[05.02.2008|14:05] C:\Program Files\MSI
[05.02.2008|11:04] C:\Program Files\MSN
[05.02.2008|11:04] C:\Program Files\MSN Gaming Zone
[05.02.2008|16:22] C:\Program Files\MSXML 6.0
[31.07.2008|22:00] C:\Program Files\NCH Software
[31.07.2008|22:01] C:\Program Files\NCH Swift Sound
[16.05.2008|21:59] C:\Program Files\NetMeeting
[21.03.2008|20:21] C:\Program Files\Netscape
[07.06.2008|20:12] C:\Program Files\Norton AntiVirus
[05.02.2008|11:33] C:\Program Files\NVIDIA Corporation
[16.05.2008|21:59] C:\Program Files\Outlook Express
[07.06.2008|20:33] C:\Program Files\QuickTime
[05.02.2008|15:49] C:\Program Files\Reference Assemblies
[14.11.2008|19:09] C:\Program Files\Sunbelt Software
[21.03.2008|20:29] C:\Program Files\Trend Micro
[05.02.2008|11:39] C:\Program Files\Uninstall Information
[01.08.2008|10:29] C:\Program Files\uTorrent
[05.02.2008|17:38] C:\Program Files\Webteh
[22.03.2008|09:59] C:\Program Files\Windows Defender
[05.02.2008|14:49] C:\Program Files\Windows Live
[05.02.2008|11:40] C:\Program Files\Windows Media Components
[05.02.2008|15:47] C:\Program Files\Windows Media Connect 2
[16.05.2008|21:59] C:\Program Files\Windows Media Player
[16.05.2008|21:59] C:\Program Files\Windows NT
[05.02.2008|11:04] C:\Program Files\WindowsUpdate
[09.06.2008|21:19] C:\Program Files\WinRAR
[05.02.2008|11:06] C:\Program Files\xerox
[05.02.2008|18:11] C:\Program Files\XP Codec Pack
[0|tiedosto(a)] C:\Program Files\tavua
[65|kansio(ta)] C:\Program Files\tavua vapaana
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files
[24.02.2008|14:23] C:\Program Files\Common Files\Adobe
[16.05.2008|17:36] C:\Program Files\Common Files\ATI
[23.07.2008|20:20] C:\Program Files\Common Files\Autodata Limited Shared
[22.02.2008|16:05] C:\Program Files\Common Files\Canon
[05.02.2008|11:38] C:\Program Files\Common Files\CyberLink
[10.02.2008|14:36] C:\Program Files\Common Files\Designer
[05.02.2008|11:30] C:\Program Files\Common Files\InstallShield
[11.06.2008|15:22] C:\Program Files\Common Files\Java
[16.05.2008|17:47] C:\Program Files\Common Files\Microsoft Shared
[05.02.2008|11:05] C:\Program Files\Common Files\MSSoap
[14.11.2008|15:20] C:\Program Files\Common Files\Nero
[05.02.2008|11:00] C:\Program Files\Common Files\ODBC
[16.05.2008|19:10] C:\Program Files\Common Files\Panda Software
[05.02.2008|11:05] C:\Program Files\Common Files\Services
[05.02.2008|11:00] C:\Program Files\Common Files\SpeechEngines
[07.06.2008|20:12] C:\Program Files\Common Files\Symantec Shared
[16.05.2008|21:59] C:\Program Files\Common Files\System
[05.02.2008|14:49] C:\Program Files\Common Files\WindowsLiveInstaller
[02.08.2008|14:56] C:\Program Files\Common Files\Wise Installation Wizard
[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[21|kansio(ta)] C:\Program Files\Common Files\tavua vapaana
--------------------\\ Process
( 45 Processes )
... OK !
--------------------\\ Etsii S_Lopilla
Lopin kansioita ei löytynyt !
--------------------\\ Etsii Lopin tiedostoja ja kansioita
Lopin kansioita ei löytynyt !
--------------------\\ Etsii rekisterikohteita
..... OK !
--------------------\\ Tarkistaa Hosts-tiedostoa
Hosts-tiedosto PUHDAS
--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 00:28:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 10
--------------------\\ Tarkistaa muita infektioita
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Omistaja\Application Data\uTorrent\Autodata v3.18 2CD's + Crack.torrent
[F:2][D:0]-> C:\DOCUME~1\Omistaja\Cookies
[F:4][D:2]-> C:\DOCUME~1\Omistaja\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - pe 14.11.2008|19:14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - su 16.11.2008| 0:30 - Option : [3]
--------------------\\ Tarkistus valmistui 0:30:08
Ja tässä tää HJT-logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:35:19, on 16.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.nelonen.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGener...loader_fika.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1202207984875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1202208096359
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 9138 bytes
|
AfterDawn Addict
|
16. marraskuuta 2008 @ 14:08 |
Linkki tähän viestiin
|
Poista kansio:
C:\Lop SD
-----------------------------------------------
Lataa Atribunen ATF Cleaner
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
----------------------------------------------
Skannaa koneesi Kaspersky Online Skannerilla
* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
* Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera
--------------------------------------------------
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Tyhjennä roskakori ja käynnistä koneesi uudelleen.
Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* Kaperskyn raportti
*
(:)
|
|
salaba
Suspended due to non-functional email address
|
16. marraskuuta 2008 @ 22:36 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:15, on 16.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_8BB2992914609B0A.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.nelonen.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGener...loader_fika.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1202207984875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1202208096359
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://fi.photobox.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48DA8A-7B31-4CDA-AB28-1EC3D2FF6092}: NameServer = 213.139.190.3 212.50.131.153
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
--
End of file - 8596 bytes
JA Kaspersky log file
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 16, 2008 13:43:47
Records in database: 1387799
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
Scan statistics:
Files scanned: 48729
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:45:06
No malware has been detected. The scan area is clean.
The selected area was scanned.
|
AfterDawn Addict
|
17. marraskuuta 2008 @ 10:45 |
Linkki tähän viestiin
|
Puhdasta on !!!
Nämä Tietokoneen Suojaus ohjeet ovat vain oman kokemuseni mukaan.
Yksi virustutka ja yksi palomuuri.
Javan päivitys:
* http://java.sun.com/javase/downloads/index.jsp
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 10
* Lataa HOSTS: Täältä Työpöydällesi.
* Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon.
Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt.
Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia)
* Asenna SpywareBlaster!
SpywareBlaster estää haittaohjelmien asentumista koneelle.
Lataa: TÄÄLTÄ
Opas: TÄÄLTÄ
* Järjestelmän palautus!
Tyhjennä ja luo uusi järjestelmän palautuspiste säännöllisesti!
Näin vältyt siltä, että palautuspisteisiin ei jää örkkejä.
Kuinka putsaan järjestelmän palautuksen ja luon uuden palautus pisteen? Ohjeet löytyy täältä!
* Pidä ohjelmat päivitettyinä!
Muista pitää kaikki ohjelmat ajantasalla, myös Windows. Vieraile Windowsin päivityskeskuksessa säännöllisesti ja asenna kaikki päivitykset. Windowsin päivityskeskus.
Pusy puhtaana !!!
.
(:)
|
|
Mainos
|
|
|
|
salaba
Suspended due to non-functional email address
|
17. marraskuuta 2008 @ 15:14 |
Linkki tähän viestiin
|
|
KIIIITOSKIA KAIKESTA!!
Kone toimii aivan eriin malliin ku aikaisemmin...;)
|
