Blue screen and HijackThis log?
|
|
|
juxxi88
Member
|
8 February 2009 @ 10:21 |
|
I have had a problem for a few months now where the computer shuts down by itself and a blue screen message appears on the screen. Somehow it seems to be because of that Option Icon mobile broadband dongle?
Could something be done about it, since I can't get any work done on the computer when it doesn't work...
The computer does it maybe 5 times within an hour at times, and at other times a few hours can go by without it shutting down at all.
Here is the HijackThis log.
Could someone check first whether there is something in it that needs changing; I'll gladly accept any other help as well.
Things already done:
- Scanned for viruses
- Defragmentation, rearrange, error checking
- Computer formatted twice
- Dongle driver removed, reinstalled and updated
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:51, on 8.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...d=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...d=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{36B35BD7-9B0A-4D69-92C8-97DB66C94C51}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CFD55D-CC4A-4ECE-8A66-E3ED289D4616}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{36B35BD7-9B0A-4D69-92C8-97DB66C94C51}: NameServer = 192.168.0.254
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8268 bytes
|
|
Hujo
Suspended permanently
|
8 February 2009 @ 15:48 |
|
Scan with HJT, tick these and press Fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
=============
1. Download Combofix.exe to your desktop from one of the links:
Combofix1
Combofix2
Do not install the Recovery Console
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Can a computer ever work?
|
|
juxxi88
Member
|
8 February 2009 @ 17:46 |
|
|
So I ran the scan, selected all 5 of those and pressed Fix checked.
Has it been done correctly now?
Did not disappear from the list:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Disappeared from the list:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
|
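The check the two posts above do by eye (pick the HijackThis lines to fix, rescan, and see which of them are still listed) can be scripted; this is an added Python example, not part of the thread. The function names are hypothetical, FIRST_SCAN and FIX_REQUESTED are copied from the posts, and RESCAN is constructed from the poster's description of the second scan.

```python
import re

# Excerpt of the first HijackThis scan posted in this thread.
FIRST_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O20 - AppInit_DLLs: APSHook.dll
"""

# The five lines the helper asked to tick before pressing "Fix checked".
FIX_REQUESTED = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"""

# Constructed rescan: the poster reports that the two R0 lines stayed and the
# other three fixed lines disappeared.
RESCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O20 - AppInit_DLLs: APSHook.dll
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O4 registry autorun line: "<key>: [<value name>] <command>".
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def dangling(entries):
    """Entries that point at nothing: a '(no file)' target or an empty R value."""
    found = []
    for code, body in entries:
        if body.endswith("(no file)"):
            found.append((code, body, "target file missing"))
        elif code.startswith("R") and body.endswith("="):
            found.append((code, body, "empty value"))
    return found


def autoruns(entries):
    """Split O4 registry Run lines into (key, value name, command)."""
    rows = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            rows.append((m.group("key"), m.group("name"), m.group("cmd").strip('"')))
    return rows


def still_listed(requested_lines, rescan_text):
    """Return the requested fix lines that a later scan still reports."""
    present = {f"{code} - {body}" for code, body in parse_entries(rescan_text)}
    return [line.strip() for line in requested_lines if line.strip() in present]


if __name__ == "__main__":
    first = parse_entries(FIRST_SCAN)
    for code, body, reason in dangling(first):
        print(f"dangling ({reason}): {code} - {body}")
    for key, name, cmd in autoruns(first):
        print(f"autorun {key} [{name}] -> {cmd}")
    for line in still_listed(FIX_REQUESTED.splitlines(), RESCAN):
        print("still listed after fix:", line)
```
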
|
Hujo
Suspended permanently
|
8 February 2009 @ 17:52 |
|
Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to select English as the language and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it reports that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.
4. Install the latest Java update from the following link.
Download the new Java here
Scroll down to Java Runtime Environment (JRE) 6 Update 12
Press Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and press Continue
Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe
Save the file, for example to the desktop, and install it.
5. Restart the computer after the installation.
6. After the restart, go back to Control Panel and open your Java settings (Additional Options -> the Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.
(Some Java-based programs may need more disk space.
If you notice the computer slowing down after reducing the setting, move the slider to a larger value).
8. Click the Delete Files button. Make sure both options are ticked:
* Applications and Applets
* Trace and Log Files
And press the OK button
Note: This deletes all downloaded applications and applets from the CACHE.
9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically
Select Never check
11. Click Apply and OK to leave the Java settings window.
Can a computer ever work?
|
|
juxxi88
Member
|
8 February 2009 @ 18:31 |
|
Here is the JavaRa log:
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Feb 08 18:30:29 2009
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000
Found and removed: SOFTWARE\Classes\JavaPlugin.160
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\
------------------------------------
Finished reporting.
|
|
Hujo
Suspended permanently
|
8 February 2009 @ 18:34 |
|
|
Combofix log
Can a computer ever work?
|
|
juxxi88
Member
|
8 February 2009 @ 18:55 |
|
ComboFix 09-02-07.01 - Hannu 2009-02-08 18:42:00.2 - NTFSx86
Microsoft® Windows Vista? Home Basic 6.0.6001.1.1252.1.1035.18.1919.1262 [GMT 2:00]
Sijainti: c:\users\Hannu.Hannu-PC\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090116-0] *On-access scanning enabled* (Updated)
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-08 to 2009-02-08 )))))))))))))))))
.
2009-02-08 18:33 . 2009-02-08 18:33 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-08 14:09 . 2009-02-08 14:09 <KANSIO> d-------- c:\program files\DC++
2009-02-08 11:34 . 2009-02-08 11:35 199,986,997 --a------ c:\windows\MEMORY.DMP
2009-02-08 10:11 . 2009-02-08 10:11 <KANSIO> d-------- c:\program files\Trend Micro
2009-02-04 08:28 . 2009-02-04 08:28 <KANSIO> d-------- c:\program files\CCleaner
2009-02-03 22:25 . 2009-02-03 22:25 <KANSIO> d-------- c:\users\All Users\Messenger Plus!
2009-02-03 22:25 . 2009-02-03 22:25 <KANSIO> d-------- c:\programdata\Messenger Plus!
2009-02-03 18:15 . 2009-02-03 18:15 <KANSIO> d-------- c:\program files\Messenger Plus! Live
2009-02-01 14:52 . 2009-02-01 14:52 0 --a------ c:\windows\OpPrintServer.INI
2009-02-01 14:49 . 2009-02-01 14:53 <KANSIO> d-------- c:\program files\Canon
2009-02-01 14:46 . 2009-02-01 14:52 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\viikoloppu
2009-01-31 15:27 . 2009-01-31 15:27 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\PeerNetworking
2009-01-30 22:17 . 2009-01-31 00:07 <KANSIO> d-------- c:\program files\RelevantKnowledge
2009-01-30 22:17 . 2006-06-22 12:44 2,201,224 --a------ c:\windows\System32\flash.ocx
2009-01-30 22:17 . 2002-01-19 17:10 597,834 --a------ c:\windows\System32\AS-IFce1.ocx
2009-01-30 22:17 . 2004-02-05 14:53 389,120 --a------ c:\windows\System32\actskn43.ocx
2009-01-30 22:17 . 2004-04-08 11:27 279,392 --a------ c:\windows\System32\XceedFtp.dll
2009-01-30 22:17 . 2001-07-28 13:50 265,753 --a------ c:\windows\System32\AS-Exp2.ocx
2009-01-30 22:17 . 2004-01-09 04:54 188,416 --a------ c:\windows\System32\actsplash.ocx
2009-01-30 22:17 . 2000-12-06 00:00 109,248 --a------ c:\windows\System32\MSWINSCK.OCX
2009-01-30 22:17 . 2000-07-14 23:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL
2009-01-30 22:17 . 2003-06-22 19:31 65,536 --a------ c:\windows\System32\vbalProgBar6.ocx
2009-01-28 09:51 . 2009-01-28 09:51 <KANSIO> d-------- c:\program files\Webteh
2009-01-27 19:48 . 2009-01-27 19:48 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-25 21:56 . 2009-01-27 09:08 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\uTorrent
2009-01-25 21:56 . 2009-01-25 21:56 <KANSIO> d-------- c:\program files\uTorrent
2009-01-25 12:44 . 2009-02-02 20:29 <KANSIO> d-------- C:\Casino
2009-01-24 16:55 . 2009-01-24 16:55 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\InterVideo
2009-01-24 00:44 . 2009-01-24 00:44 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Music
2009-01-19 14:20 . 2009-01-19 14:20 <KANSIO> d--h----- c:\users\All Users\CanonBJ
2009-01-19 14:20 . 2009-01-19 14:20 <KANSIO> d--h----- c:\programdata\CanonBJ
2009-01-19 14:18 . 2008-04-02 20:00 198,656 --a------ c:\windows\System32\CNMLM83.DLL
2009-01-19 14:03 . 2009-01-19 14:03 <KANSIO> d-------- c:\windows\SQL9_KB954606_ENU
2009-01-19 03:00 . 2009-01-19 03:00 <KANSIO> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-19 01:02 . 2009-01-19 01:02 <KANSIO> d-------- c:\users\All Users\WLInstaller
2009-01-19 01:02 . 2009-01-19 01:02 <KANSIO> d-------- c:\programdata\WLInstaller
2009-01-19 01:02 . 2009-01-19 01:27 <KANSIO> d-------- c:\program files\Windows Live
2009-01-19 01:02 . 2009-01-19 01:07 <KANSIO> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-17 20:06 . 2009-01-17 20:06 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-16 20:47 . 2009-01-16 20:47 <KANSIO> d-------- c:\windows\CheckSur
2009-01-16 20:28 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-16 20:28 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-01-16 20:28 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-01-16 20:28 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-01-16 20:26 . 2008-09-18 06:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-01-16 20:26 . 2008-09-18 06:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-01-16 19:54 . 2009-01-16 19:54 <KANSIO> d-------- C:\PerfLogs
2009-01-16 19:25 . 2008-01-19 09:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-01-16 19:24 . 2008-01-19 09:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2009-01-16 19:23 . 2008-01-19 08:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-01-16 19:22 . 2008-01-19 09:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-01-16 19:22 . 2006-11-02 11:46 151,552 --a------ c:\windows\System32\WpdMtp.dll
2009-01-16 19:21 . 2008-01-19 09:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-01-16 19:21 . 2008-01-19 09:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-01-16 19:21 . 2008-01-19 09:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-01-16 19:20 . 2008-01-19 09:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-01-16 19:20 . 2008-01-19 09:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-01-16 19:19 . 2008-01-19 09:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-01-16 19:19 . 2008-01-19 09:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-01-16 19:19 . 2008-01-19 09:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-01-16 19:19 . 2008-01-19 09:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2009-01-16 18:13 . 2009-01-16 18:13 269,312 --a------ c:\windows\System32\es.dll
2009-01-16 03:57 . 2009-01-16 03:57 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-16 03:57 . 2009-01-16 03:57 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-16 03:57 . 2009-01-16 03:57 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-16 03:57 . 2009-01-16 03:57 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-16 03:56 . 2009-01-16 03:56 1,820 --a------ c:\windows\System32\rasctrnm.h
2009-01-16 03:55 . 2009-01-16 03:55 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-16 03:55 . 2009-01-16 03:55 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-16 03:55 . 2009-01-16 03:55 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-16 03:41 . 2009-01-16 03:41 296,960 --a------ c:\windows\System32\gdi32.dll
2009-01-16 03:40 . 2009-01-16 03:40 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-16 03:38 . 2009-01-16 03:38 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-16 03:38 . 2009-01-16 03:38 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-01-16 03:38 . 2009-01-16 03:38 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-16 03:38 . 2009-01-16 03:38 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-16 03:37 . 2009-01-16 03:37 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-16 03:36 . 2009-01-16 03:36 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-01-16 03:35 . 2009-01-16 03:35 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-01-16 03:35 . 2009-01-16 03:35 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-16 03:31 . 2009-01-16 03:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-16 03:26 . 2009-01-16 03:26 2,927,104 --a------ c:\windows\explorer.exe
2009-01-16 03:25 . 2008-01-19 09:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2009-01-16 03:25 . 2006-11-02 11:46 8,704 --a------ c:\windows\System32\hccoin.dll
2009-01-16 03:23 . 2009-01-16 03:23 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-16 03:21 . 2009-01-16 03:21 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2009-01-16 03:21 . 2009-01-16 03:21 181,760 --a------ c:\windows\System32\fsquirt.exe
2009-01-16 03:21 . 2009-01-16 03:21 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2009-01-16 03:21 . 2009-01-16 03:21 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2009-01-16 03:18 . 2009-01-16 03:18 988,216 --a------ c:\windows\System32\winload.exe
2009-01-16 03:18 . 2009-01-16 03:18 927,288 --a------ c:\windows\System32\winresume.exe
2009-01-16 03:18 . 2009-01-16 03:18 615,992 --a------ c:\windows\System32\ci.dll
2009-01-16 03:18 . 2009-01-16 03:18 378,368 --a------ c:\windows\System32\srcore.dll
2009-01-16 03:18 . 2009-01-16 03:18 318,464 --a------ c:\windows\System32\rstrui.exe
2009-01-16 03:18 . 2009-01-16 03:18 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-01-16 03:18 . 2009-01-16 03:18 40,960 --a------ c:\windows\System32\srclient.dll
2009-01-16 03:18 . 2009-01-16 03:18 19,000 --a------ c:\windows\System32\kd1394.dll
2009-01-16 03:18 . 2009-01-16 03:18 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-01-16 03:18 . 2009-01-16 03:18 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-01-16 03:14 . 2009-01-16 03:14 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-16 03:14 . 2009-01-16 03:14 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-16 03:14 . 2009-01-16 03:14 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-16 03:12 . 2009-01-16 03:12 443,392 --a------ c:\windows\System32\win32spl.dll
2009-01-16 03:12 . 2009-01-16 03:12 37,888 --a------ c:\windows\System32\printcom.dll
2009-01-16 03:10 . 2009-01-16 03:10 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-16 03:10 . 2009-01-16 03:10 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-16 03:09 . 2009-01-16 03:09 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-16 03:08 . 2009-01-16 03:08 2,868,736 --a------ c:\windows\System32\mf.dll
2009-01-16 03:08 . 2009-01-16 03:08 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-16 03:08 . 2009-01-16 03:08 98,816 --a------ c:\windows\System32\mfps.dll
2009-01-16 03:08 . 2009-01-16 03:08 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-16 03:08 . 2009-01-16 03:08 53,248 --a------ c:\windows\System32\rrinstaller.exe
2009-01-16 03:08 . 2009-01-16 03:08 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-01-16 03:08 . 2009-01-16 03:08 2,048 --a------ c:\windows\System32\mferror.dll
2009-01-16 03:06 . 2009-01-16 03:06 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-16 03:06 . 2009-01-16 03:06 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-01-16 03:06 . 2009-01-16 03:06 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-16 03:05 . 2009-01-16 03:05 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-01-16 03:04 . 2009-01-16 03:04 <KANSIO> d-------- c:\program files\MSXML 4.0
2009-01-16 03:04 . 2009-01-16 03:04 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-16 03:04 . 2009-01-16 03:04 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-16 03:03 . 2009-01-16 03:03 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-01-16 03:03 . 2009-01-16 03:03 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-15 23:29 . 2009-01-15 23:29 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-15 23:29 . 2009-01-15 23:29 1,524,736 --a------ c:\windows\System32\wucltux.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:33 --------- d-----w c:\program files\Java
2009-02-02 18:31 --------- d-----w c:\program files\Microsoft.NET
2009-02-02 18:31 --------- d-----w c:\program files\Microsoft Small Business
2009-02-01 12:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 21:15 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-16 19:35 --------- d-----w c:\program files\Hp
2009-01-16 18:05 174 --sha-w c:\program files\desktop.ini
2009-01-16 17:55 --------- d-----w c:\program files\Windows Sidebar
2009-01-16 17:55 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-16 17:55 --------- d-----w c:\program files\Windows Mail
2009-01-16 17:55 --------- d-----w c:\program files\Windows Collaboration
2009-01-16 17:55 --------- d-----w c:\program files\Windows Calendar
2009-01-16 17:54 --------- d-----w c:\program files\Windows Defender
2009-01-16 01:38 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-16 01:38 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-16 01:38 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-16 01:38 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-16 01:38 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-16 01:38 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 17:16 --------- d-----w c:\programdata\Symantec
2009-01-15 17:16 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-15 16:59 --------- d-----w c:\programdata\Microsoft Help
2009-01-15 16:33 --------- d-----w c:\program files\Common Files\InstallShield
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_17.57.19.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 15:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-08 16:46:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-08 15:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-08 16:46:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-08 15:53:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 16:47:06 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 16:47:06 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-08 15:55:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 16:48:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 16:48:18 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-08 15:54:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 16:41:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-08 15:54:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 16:41:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 15:54:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 16:41:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-13 02:48:32 135,168 ----a-w c:\windows\System32\java.exe
+ 2009-02-08 16:33:18 144,792 ----a-w c:\windows\System32\java.exe
- 2007-07-13 02:48:32 135,168 ----a-w c:\windows\System32\javaw.exe
+ 2009-02-08 16:33:18 144,792 ----a-w c:\windows\System32\javaw.exe
- 2007-07-13 02:48:33 139,264 ----a-w c:\windows\System32\javaws.exe
+ 2009-02-08 16:33:18 148,888 ----a-w c:\windows\System32\javaws.exe
- 2009-02-08 15:42:33 122,462 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-08 16:42:58 120,326 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-08 15:42:33 102,968 ----a-w c:\windows\System32\perfc00B.dat
+ 2009-02-08 16:42:58 102,968 ----a-w c:\windows\System32\perfc00B.dat
- 2009-02-08 15:42:33 642,214 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-08 16:42:58 640,078 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-08 15:42:33 490,838 ----a-w c:\windows\System32\perfh00B.dat
+ 2009-02-08 16:42:58 490,838 ----a-w c:\windows\System32\perfh00B.dat
- 2009-02-08 15:55:26 7,788 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1762127266-1118977448-3924809113-1006_UserData.bin
+ 2009-02-08 16:48:38 8,154 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1762127266-1118977448-3924809113-1006_UserData.bin
- 2009-02-08 15:55:26 72,882 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 16:48:38 72,898 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 15:38:38 42,222 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 16:37:40 42,480 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 148888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-01-15 192512]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 864256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7ABF2801-B746-48B6-88CF-4971CA1D9F2A}"= UDP:3078:xbox1
"{902D0E6D-722A-44A6-8F9C-FCF38E13BF08}"= TCP:3078:xbox2
"{F8918402-7B01-4DD8-AD3A-216D3EA64E7C}"= TCP:88:xbox3
"{BEAADA9A-AD04-42CE-B318-DF531E284EE6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3FE760DF-A205-441D-B3E4-B013CAAF2513}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3DEAA194-3E0F-4271-B290-B9D879869C4A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C05F8F78-3F03-4FF4-9902-B135D299256F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{FD00EFDC-2C9C-42BD-9C5E-41D36D71097C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{766021DC-2467-4ED0-BE71-69327EF18B2C}"= UDP:c:\windows\Temp\~os10D.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{C79B7F91-1A5D-4585-BBA3-F612F48CB5F2}c:\\program files\\zillasoft.ws\\zilla ftp\\ftphelper.exe"= UDP:c:\program files\zillasoft.ws\zilla ftp\ftphelper.exe:Zilla FTP
"UDP Query User{5FE9146D-0772-4DDD-890D-0B0246C813E1}c:\\program files\\zillasoft.ws\\zilla ftp\\ftphelper.exe"= TCP:c:\program files\zillasoft.ws\zilla ftp\ftphelper.exe:Zilla FTP
"{03D73677-F13E-4FD8-B267-AAEBB948BB75}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{DA27F278-7499-4256-BE82-5592C6210B07}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{D437C2D3-89A2-4C58-B0FC-5CFCDC452EA5}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{D8CA8BEF-72CE-4AF5-ADCF-8BA6105AAC12}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{11D2E1D2-5F1A-4F88-8CB1-9F46D406DC52}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{7A13EAB8-066D-4DA5-882A-311D638DABA6}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-15 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-15 51792]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\drivers\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\System32\drivers\gt72ubus.sys [2007-10-09 59264]
R3 GTPTSER;GT PT SER;c:\windows\System32\drivers\gtptser.sys [2007-03-30 8064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a3fc249-acaa-11dc-8088-806e6f6e6963}]
\shell\AutoRun\command - D:\intro.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46ac859-e32c-11dd-9ec2-001e370b0d98}]
\shell\AutoRun\command - F:\setup.exe AUTORUN=1
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=none&bd=smb&pf=laptop
TCP: {36B35BD7-9B0A-4D69-92C8-97DB66C94C51} = 192.168.0.254
TCP: {81CFD55D-CC4A-4ECE-8A66-E3ED289D4616} = 192.168.0.254
FF - ProfilePath - c:\users\Hannu.Hannu-PC\AppData\Roaming\Mozilla\Firefox\Profiles\yb0gzdnq.default\
FF - prefs.js: browser.startup.homepage - www.ksml.fi
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:48:08
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'lsass.exe'(612)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(5216)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\conime.exe
c:\windows\SMINST\Scheduler.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-02-08 18:52:16 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-02-08 16:52:04
ComboFix2.txt 2009-02-08 15:59:07
Ennen ajoa: 26 167 459 840 tavua vapaana
Ajon jälkeen: 26,027,823,104 tavua vapaana
343 --- E O F --- 2009-02-06 06:53:01
|
|
Hujo
Suspended permanently
|
8 February 2009 @ 19:00 |
|
Create an uninstall list:
- Open HijackThis
- Click the "Configure" option at the bottom right
- Click "Misc Tools"
- Click the box that says "Uninstall Manager"
- Click the "Save list" option
- Copy and paste that list from Notepad into your thread
Can a computer ever work?
|
|
juxxi88
Member
|
8 February 2009 @ 19:04 |
|
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Agere Systems HDA Modem
Application Installer 4.00.B14
ATI Uninstaller
avast! Antivirus
BSPlayer
Canon Camera Window for ZoomBrowser EX
Canon DV TWAIN Driver 6.3.0
Canon Internet Library for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
ccc-Branding
CCleaner (remove only)
Credential Manager for HP ProtectTools
DC++ 0.7091
ESU for Microsoft Vista
GlobeTrotter Connect
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Backup & Recovery Manager -asennusohjelma
HP BIOS Configuration for ProtectTools
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.20 F2
HP Update
HP User Guides 0064
HP Wireless Assistant
InterVideo DVD Check
InterVideo WinDVD
Java(TM) 6 Update 12
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
Outlook 2007 Business Contact Manager SP1
Outlook 2007 Business Contact Manager SP1
PDF Complete
RelevantKnowledge
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sonic Activation Module
SoundMAX
Synaptics Pointing Device Driver
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Liven sähköposti
Vista Default Settings
|
|
Hujo
Suspended permanently
|
8 February 2009 @ 19:23 |
|
Now copy and paste the contents of the quote below into an empty Notepad:
Start button > Accessories > Notepad
Quote:
Folder::
c:\programdata\Symantec
c:\program files\Common Files\Symantec Shared
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Save it as CFScript.txt on the desktop.
Then drag CFScript onto ComboFix.exe as shown below.

Post the resulting log here.
Shut down and restart the computer.
Can a computer ever work?
This message has been edited since it was posted. Last edited 8 February 2009 @ 19:23
|
|
juxxi88
Member
|
8 February 2009 @ 19:50 |
|
The program said that it would restart the computer. It had been at that for a little while when the blue screen came again, but the computer restarted anyway and the log appeared. So here it is:
ComboFix 09-02-07.01 - Hannu 2009-02-08 19:34:51.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1035.18.1919.1202 [GMT 2:00]
Sijainti: c:\users\Hannu.Hannu-PC\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Hannu.Hannu-PC\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090116-0] *On-access scanning enabled* (Updated)
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-08 to 2009-02-08 )))))))))))))))))
.
2009-02-08 18:33 . 2009-02-08 18:33 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-08 14:09 . 2009-02-08 14:09 <KANSIO> d-------- c:\program files\DC++
2009-02-08 11:34 . 2009-02-08 19:40 232,593,545 --a------ c:\windows\MEMORY.DMP
2009-02-08 10:11 . 2009-02-08 10:11 <KANSIO> d-------- c:\program files\Trend Micro
2009-02-04 08:28 . 2009-02-04 08:28 <KANSIO> d-------- c:\program files\CCleaner
2009-02-03 22:25 . 2009-02-03 22:25 <KANSIO> d-------- c:\users\All Users\Messenger Plus!
2009-02-03 22:25 . 2009-02-03 22:25 <KANSIO> d-------- c:\programdata\Messenger Plus!
2009-02-03 18:15 . 2009-02-03 18:15 <KANSIO> d-------- c:\program files\Messenger Plus! Live
2009-02-01 14:52 . 2009-02-01 14:52 0 --a------ c:\windows\OpPrintServer.INI
2009-02-01 14:49 . 2009-02-01 14:53 <KANSIO> d-------- c:\program files\Canon
2009-02-01 14:46 . 2009-02-01 14:52 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\viikoloppu
2009-01-31 15:27 . 2009-01-31 15:27 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\PeerNetworking
2009-01-30 22:17 . 2009-01-31 00:07 <KANSIO> d-------- c:\program files\RelevantKnowledge
2009-01-30 22:17 . 2006-06-22 12:44 2,201,224 --a------ c:\windows\System32\flash.ocx
2009-01-30 22:17 . 2002-01-19 17:10 597,834 --a------ c:\windows\System32\AS-IFce1.ocx
2009-01-30 22:17 . 2004-02-05 14:53 389,120 --a------ c:\windows\System32\actskn43.ocx
2009-01-30 22:17 . 2004-04-08 11:27 279,392 --a------ c:\windows\System32\XceedFtp.dll
2009-01-30 22:17 . 2001-07-28 13:50 265,753 --a------ c:\windows\System32\AS-Exp2.ocx
2009-01-30 22:17 . 2004-01-09 04:54 188,416 --a------ c:\windows\System32\actsplash.ocx
2009-01-30 22:17 . 2000-12-06 00:00 109,248 --a------ c:\windows\System32\MSWINSCK.OCX
2009-01-30 22:17 . 2000-07-14 23:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL
2009-01-30 22:17 . 2003-06-22 19:31 65,536 --a------ c:\windows\System32\vbalProgBar6.ocx
2009-01-28 09:51 . 2009-01-28 09:51 <KANSIO> d-------- c:\program files\Webteh
2009-01-27 19:48 . 2009-01-27 19:48 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-25 21:56 . 2009-01-27 09:08 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\uTorrent
2009-01-25 21:56 . 2009-01-25 21:56 <KANSIO> d-------- c:\program files\uTorrent
2009-01-25 12:44 . 2009-02-02 20:29 <KANSIO> d-------- C:\Casino
2009-01-24 16:55 . 2009-01-24 16:55 <KANSIO> d-------- c:\users\Hannu.Hannu-PC\AppData\Roaming\InterVideo
2009-01-24 00:44 . 2009-01-24 00:44 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Music
2009-01-19 14:20 . 2009-01-19 14:20 <KANSIO> d--h----- c:\users\All Users\CanonBJ
2009-01-19 14:20 . 2009-01-19 14:20 <KANSIO> d--h----- c:\programdata\CanonBJ
2009-01-19 14:18 . 2008-04-02 20:00 198,656 --a------ c:\windows\System32\CNMLM83.DLL
2009-01-19 14:03 . 2009-01-19 14:03 <KANSIO> d-------- c:\windows\SQL9_KB954606_ENU
2009-01-19 03:00 . 2009-01-19 03:00 <KANSIO> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-19 01:02 . 2009-01-19 01:02 <KANSIO> d-------- c:\users\All Users\WLInstaller
2009-01-19 01:02 . 2009-01-19 01:02 <KANSIO> d-------- c:\programdata\WLInstaller
2009-01-19 01:02 . 2009-01-19 01:27 <KANSIO> d-------- c:\program files\Windows Live
2009-01-19 01:02 . 2009-01-19 01:07 <KANSIO> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-17 20:06 . 2009-01-17 20:06 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-16 20:47 . 2009-01-16 20:47 <KANSIO> d-------- c:\windows\CheckSur
2009-01-16 20:28 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-16 20:28 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-01-16 20:28 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-01-16 20:28 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-01-16 20:26 . 2008-09-18 06:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-01-16 20:26 . 2008-09-18 06:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-01-16 19:54 . 2009-01-16 19:54 <KANSIO> d-------- C:\PerfLogs
2009-01-16 19:25 . 2008-01-19 09:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-01-16 19:24 . 2008-01-19 09:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2009-01-16 19:23 . 2008-01-19 08:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-01-16 19:22 . 2008-01-19 09:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-01-16 19:22 . 2006-11-02 11:46 151,552 --a------ c:\windows\System32\WpdMtp.dll
2009-01-16 19:21 . 2008-01-19 09:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-01-16 19:21 . 2008-01-19 09:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-01-16 19:21 . 2008-01-19 09:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-01-16 19:20 . 2008-01-19 09:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-01-16 19:20 . 2008-01-19 09:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-01-16 19:19 . 2008-01-19 09:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-01-16 19:19 . 2008-01-19 09:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-01-16 19:19 . 2008-01-19 09:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-01-16 19:19 . 2008-01-19 09:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2009-01-16 18:13 . 2009-01-16 18:13 269,312 --a------ c:\windows\System32\es.dll
2009-01-16 03:57 . 2009-01-16 03:57 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-16 03:57 . 2009-01-16 03:57 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-16 03:57 . 2009-01-16 03:57 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-16 03:57 . 2009-01-16 03:57 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-16 03:56 . 2009-01-16 03:56 1,820 --a------ c:\windows\System32\rasctrnm.h
2009-01-16 03:55 . 2009-01-16 03:55 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-16 03:55 . 2009-01-16 03:55 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-16 03:55 . 2009-01-16 03:55 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-16 03:41 . 2009-01-16 03:41 296,960 --a------ c:\windows\System32\gdi32.dll
2009-01-16 03:40 . 2009-01-16 03:40 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-16 03:38 . 2009-01-16 03:38 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-16 03:38 . 2009-01-16 03:38 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-01-16 03:38 . 2009-01-16 03:38 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-16 03:38 . 2009-01-16 03:38 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-16 03:37 . 2009-01-16 03:37 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-16 03:36 . 2009-01-16 03:36 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-01-16 03:35 . 2009-01-16 03:35 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-01-16 03:35 . 2009-01-16 03:35 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-16 03:31 . 2009-01-16 03:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-16 03:26 . 2009-01-16 03:26 2,927,104 --a------ c:\windows\explorer.exe
2009-01-16 03:25 . 2008-01-19 09:34 15,872 --a------ c:\windows\System32\hcrstco.dll
2009-01-16 03:25 . 2006-11-02 11:46 8,704 --a------ c:\windows\System32\hccoin.dll
2009-01-16 03:23 . 2009-01-16 03:23 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-16 03:21 . 2009-01-16 03:21 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2009-01-16 03:21 . 2009-01-16 03:21 181,760 --a------ c:\windows\System32\fsquirt.exe
2009-01-16 03:21 . 2009-01-16 03:21 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2009-01-16 03:21 . 2009-01-16 03:21 19,456 --a------ c:\windows\System32\drivers\bthenum.sys
2009-01-16 03:18 . 2009-01-16 03:18 988,216 --a------ c:\windows\System32\winload.exe
2009-01-16 03:18 . 2009-01-16 03:18 927,288 --a------ c:\windows\System32\winresume.exe
2009-01-16 03:18 . 2009-01-16 03:18 615,992 --a------ c:\windows\System32\ci.dll
2009-01-16 03:18 . 2009-01-16 03:18 378,368 --a------ c:\windows\System32\srcore.dll
2009-01-16 03:18 . 2009-01-16 03:18 318,464 --a------ c:\windows\System32\rstrui.exe
2009-01-16 03:18 . 2009-01-16 03:18 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-01-16 03:18 . 2009-01-16 03:18 40,960 --a------ c:\windows\System32\srclient.dll
2009-01-16 03:18 . 2009-01-16 03:18 19,000 --a------ c:\windows\System32\kd1394.dll
2009-01-16 03:18 . 2009-01-16 03:18 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-01-16 03:18 . 2009-01-16 03:18 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-01-16 03:14 . 2009-01-16 03:14 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-16 03:14 . 2009-01-16 03:14 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-16 03:14 . 2009-01-16 03:14 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-16 03:12 . 2009-01-16 03:12 443,392 --a------ c:\windows\System32\win32spl.dll
2009-01-16 03:12 . 2009-01-16 03:12 37,888 --a------ c:\windows\System32\printcom.dll
2009-01-16 03:10 . 2009-01-16 03:10 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-16 03:10 . 2009-01-16 03:10 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-16 03:09 . 2009-01-16 03:09 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-16 03:08 . 2009-01-16 03:08 2,868,736 --a------ c:\windows\System32\mf.dll
2009-01-16 03:08 . 2009-01-16 03:08 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-16 03:08 . 2009-01-16 03:08 98,816 --a------ c:\windows\System32\mfps.dll
2009-01-16 03:08 . 2009-01-16 03:08 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-16 03:08 . 2009-01-16 03:08 53,248 --a------ c:\windows\System32\rrinstaller.exe
2009-01-16 03:08 . 2009-01-16 03:08 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-01-16 03:08 . 2009-01-16 03:08 2,048 --a------ c:\windows\System32\mferror.dll
2009-01-16 03:06 . 2009-01-16 03:06 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-16 03:06 . 2009-01-16 03:06 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-01-16 03:06 . 2009-01-16 03:06 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-16 03:05 . 2009-01-16 03:05 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-01-16 03:04 . 2009-01-16 03:04 <KANSIO> d-------- c:\program files\MSXML 4.0
2009-01-16 03:04 . 2009-01-16 03:04 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-16 03:04 . 2009-01-16 03:04 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-16 03:03 . 2009-01-16 03:03 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-01-16 03:03 . 2009-01-16 03:03 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-15 23:29 . 2009-01-15 23:29 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-15 23:29 . 2009-01-15 23:29 1,524,736 --a------ c:\windows\System32\wucltux.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:33 --------- d-----w c:\program files\Java
2009-02-02 18:31 --------- d-----w c:\program files\Microsoft.NET
2009-02-02 18:31 --------- d-----w c:\program files\Microsoft Small Business
2009-02-01 12:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 21:15 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-16 19:35 --------- d-----w c:\program files\Hp
2009-01-16 18:05 174 --sha-w c:\program files\desktop.ini
2009-01-16 17:55 --------- d-----w c:\program files\Windows Sidebar
2009-01-16 17:55 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-16 17:55 --------- d-----w c:\program files\Windows Mail
2009-01-16 17:55 --------- d-----w c:\program files\Windows Collaboration
2009-01-16 17:55 --------- d-----w c:\program files\Windows Calendar
2009-01-16 17:54 --------- d-----w c:\program files\Windows Defender
2009-01-16 01:38 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-16 01:38 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-16 01:38 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-16 01:38 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-16 01:38 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-16 01:38 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 16:59 --------- d-----w c:\programdata\Microsoft Help
2009-01-15 16:33 --------- d-----w c:\program files\Common Files\InstallShield
.
((((((((((((((((((((((((((((( SnapShot_2009-02-08_18.50.27.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 16:46:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-08 17:40:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-08 16:46:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-08 17:40:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-08 16:47:06 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 17:41:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 17:41:07 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-08 16:48:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 17:42:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-08 16:42:58 120,326 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-08 17:37:57 120,810 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-08 16:42:58 102,968 ----a-w c:\windows\System32\perfc00B.dat
+ 2009-02-08 17:37:57 102,968 ----a-w c:\windows\System32\perfc00B.dat
- 2009-02-08 16:42:58 640,078 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-08 17:37:57 640,562 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-08 16:42:58 490,838 ----a-w c:\windows\System32\perfh00B.dat
+ 2009-02-08 17:37:57 490,838 ----a-w c:\windows\System32\perfh00B.dat
- 2009-02-08 16:48:38 8,154 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1762127266-1118977448-3924809113-1006_UserData.bin
+ 2009-02-08 17:42:39 8,178 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1762127266-1118977448-3924809113-1006_UserData.bin
- 2009-02-08 16:48:38 72,898 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 17:42:39 72,914 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 16:37:40 42,480 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-08 17:32:52 42,916 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 148888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-01-15 192512]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 864256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7ABF2801-B746-48B6-88CF-4971CA1D9F2A}"= UDP:3078:xbox1
"{902D0E6D-722A-44A6-8F9C-FCF38E13BF08}"= TCP:3078:xbox2
"{F8918402-7B01-4DD8-AD3A-216D3EA64E7C}"= TCP:88:xbox3
"{BEAADA9A-AD04-42CE-B318-DF531E284EE6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3FE760DF-A205-441D-B3E4-B013CAAF2513}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3DEAA194-3E0F-4271-B290-B9D879869C4A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C05F8F78-3F03-4FF4-9902-B135D299256F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{FD00EFDC-2C9C-42BD-9C5E-41D36D71097C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{766021DC-2467-4ED0-BE71-69327EF18B2C}"= UDP:c:\windows\Temp\~os10D.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{C79B7F91-1A5D-4585-BBA3-F612F48CB5F2}c:\\program files\\zillasoft.ws\\zilla ftp\\ftphelper.exe"= UDP:c:\program files\zillasoft.ws\zilla ftp\ftphelper.exe:Zilla FTP
"UDP Query User{5FE9146D-0772-4DDD-890D-0B0246C813E1}c:\\program files\\zillasoft.ws\\zilla ftp\\ftphelper.exe"= TCP:c:\program files\zillasoft.ws\zilla ftp\ftphelper.exe:Zilla FTP
"{03D73677-F13E-4FD8-B267-AAEBB948BB75}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{DA27F278-7499-4256-BE82-5592C6210B07}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{D437C2D3-89A2-4C58-B0FC-5CFCDC452EA5}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{D8CA8BEF-72CE-4AF5-ADCF-8BA6105AAC12}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{11D2E1D2-5F1A-4F88-8CB1-9F46D406DC52}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{7A13EAB8-066D-4DA5-882A-311D638DABA6}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-15 111184]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2009-01-16 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2009-01-16 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-15 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-15 51792]
R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-07-13 540448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\drivers\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\System32\drivers\gt72ubus.sys [2007-10-09 59264]
R3 GTPTSER;GT PT SER;c:\windows\System32\drivers\gtptser.sys [2007-03-30 8064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a3fc249-acaa-11dc-8088-806e6f6e6963}]
\shell\AutoRun\command - D:\intro.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46ac859-e32c-11dd-9ec2-001e370b0d98}]
\shell\AutoRun\command - F:\setup.exe AUTORUN=1
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=none&bd=smb&pf=laptop
TCP: {36B35BD7-9B0A-4D69-92C8-97DB66C94C51} = 192.168.0.254
TCP: {81CFD55D-CC4A-4ECE-8A66-E3ED289D4616} = 192.168.0.254
FF - ProfilePath - c:\users\Hannu.Hannu-PC\AppData\Roaming\Mozilla\Firefox\Profiles\yb0gzdnq.default\
FF - prefs.js: browser.startup.homepage - www.ksml.fi
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 19:42:17
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'lsass.exe'(636)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3788)
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\conime.exe
c:\windows\SMINST\Scheduler.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-02-08 19:46:01 - kone käynnistettiin uudelleen [Hannu]
ComboFix-quarantined-files.txt 2009-02-08 17:45:51
ComboFix2.txt 2009-02-08 16:52:18
ComboFix3.txt 2009-02-08 15:59:07
Ennen ajoa: 27 525 042 176 tavua vapaana
Ajon jälkeen: 27,360,899,072 tavua vapaana
333 --- E O F --- 2009-02-06 06:53:01

Hujo
Suspended permanently
8 February 2009 @ 19:58

Type into the Run box
ComboFix /u
Click OK
==============
shut down and restart
===========
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure that the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure that everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message
Can a computer ever work?

juxxi88
Member
8 February 2009 @ 21:04

Malwarebytes is now running a full scan.
I did this before it:
Type into the Run box
ComboFix /u
Click OK
Do you need a log from that? Or just from Malwarebytes when it's finished?

Hujo
Suspended permanently
8 February 2009 @ 21:11

ComboFix /u <-- that removes ComboFix from the computer
post the Malwarebytes' Anti-Malware log when it's finished
and if anything is found, then do this:
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure that everything is checked and click Remove Selected.
Can a computer ever work?

juxxi88
Member
8 February 2009 @ 22:11

Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1738
Windows 6.0.6001 Service Pack 1
8.2.2009 22:10:38
mbam-log-2009-02-08 (22-10-38).txt
Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
Tarkistetut kohteet: 135388
Kulunut aika: 50 minute(s), 15 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 2
Saastuneita tiedostoja: 10
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognizancets (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
Saastuneita tiedostoja:
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Antivirus.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.

Hujo
Suspended permanently
8 February 2009 @ 22:23

Check that this is not turned on
Open Windows Defender.
Click Tools and General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After this, click Save and close Windows Defender.
And don't turn it on
=================
scan a new HJT log
How is the computer behaving?
Can a computer ever work?

juxxi88
Member
8 February 2009 @ 22:33

Here it is.
Is that starting to be everything, so that the computer won't keep shutting down by itself anymore?
This computer was slow at times earlier, but so far at least I haven't noticed anything, and no blue screen has appeared yet either. :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:25, on 8.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\conime.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...d=smb&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{36B35BD7-9B0A-4D69-92C8-97DB66C94C51}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CFD55D-CC4A-4ECE-8A66-E3ED289D4616}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{36B35BD7-9B0A-4D69-92C8-97DB66C94C51}: NameServer = 192.168.0.254
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 6970 bytes

Hujo
Suspended permanently
8 February 2009 @ 22:43

That should be pretty much sorted
================
Download OTMoveIt and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Select Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is done; if it doesn't, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
==============
Cleaner
Select Cleaner from the column on the left.
Press Analyze at the bottom.
Now CCleaner analyzes what can be removed (temp files, cookies, etc.).
When the analysis is finished, press Run Cleaner.
Now CCleaner removes the temp files, cookies, etc. that it found.
Fixing registry errors
Select Registry from the column on the left.
Press Scan for Issues at the bottom.
When the scan is finished and you are sure that you want to fix the entries that are checked, press Fix selected issues.
You will be asked "Do you want to backup changes to the registry?"; press Yes. Save the backup in, for example, the "My Documents" folder.
In the new window that opens, click Fix All Selected Issues.
You will get one more confirmation prompt; press OK.
When the errors have been fixed, press Close.
You can now close CCleaner by pressing the red X at the top right.
Can a computer ever work?
This message has been edited since posting. Last edited 8 February 2009 @ 22:45

juxxi88
Member
8 February 2009 @ 22:53

All of those are done now. :) Thanks a lot for the help. Hopefully the computer works now and doesn't keep shutting down by itself :)

Hujo
Suspended permanently
8 February 2009 @ 22:59

If the computer shuts down by itself, could the temperatures be running high?
Can a computer ever work?

juxxi88
Member
11 February 2009 @ 14:10

Hi again!
The computer has a fault again.. it keeps shutting down by itself again after I installed a couple of programs on it. Should I post a log here in the thread again?
The computer worked fine for a couple of days but now it's shutting down again

Hujo
Suspended permanently
11 February 2009 @ 17:07

Update Malwarebytes' Anti-Malware and run a full scan.
Can a computer ever work?

juxxi88
Member
11 February 2009 @ 20:22

I did the update and the scan; nothing was found.. the computer hasn't shut down for 2-3 hours now.