AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
maanantai 17.11.2025 / 01:35
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > firefox sekoaa
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Firefox sekoaa
  Siirry:
 
Kirjoittaja Viesti
juhko
Newbie
_ 		9. helmikuuta 2009 @ 21:35 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Firefox alkaa toisinaan yht'äkkiä olemaan huolimatta osoiteriville kirjoitettua www-osoitetta. Sen sijaan alkaa rullaamaan kursoria vasemmalta oikealle. Jos samalla menee valitsemaan jotakin ylävalikosta (File, Edit jne.), niin sama rullaus käynnistyy sielläkin. Konetta ei voi sammuttaa muuten kuin virtanäppäimellä. Pöpöjä tarkasteltu usealla ohjelmalla useaan kertaan, mutta ei löydy. Ohessa HijackThis-loki. Löytyisikö sieltä jotakin ylimääräistä.

/JK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:26, on 9.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\DynDNS Updater\DynUpPs.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 11992 bytes
[ + lainaa]
Hujo
Suspended permanently
_ 		9. helmikuuta 2009 @ 23:24 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Aveg8 ja nortonia koneella mikäs on käytöss

============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi

[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		10. helmikuuta 2009 @ 18:05 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Alla loki. Saastaa ei löytynty.

/JK

Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1743
Windows 5.1.2600 Service Pack 3

10.2.2009 17:59:48
mbam-log-2009-02-10 (17-59-48).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|M:\|Q:\|R:\|)
Tarkistetut kohteet: 160260
Kulunut aika: 1 hour(s), 7 minute(s), 35 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
[ + lainaa]
Hujo
Suspended permanently
_ 		10. helmikuuta 2009 @ 18:33 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		10. helmikuuta 2009 @ 19:39 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Alla loki ja raportti

/JK

HJT-loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:30, on 10.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DynDNS Updater\DynUpPs.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpamEater Pro 4\SpamEaterPro.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 12272 bytes

SDFix-report


SDFix: Version 1.240
Run by Administrator on ti 10.02.2009 at 19:14

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

C:\WINDOWS
:7ADEA7052AF347F3 48
:AstInfo 0
Total size: 48 bytes.
WINDOWS: The process cannot access the file because it is being used by another process.

Checking for remaining Streams

C:\WINDOWS
:AstInfo 0
Total size: 0 bytes.




Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 19:25:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}]
"hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67,6f,62,6c,..
"jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d,70,65,6b,6f,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"="C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe:*:Enabled:iView Multimedia"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"="C:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe:*:Enabled:PVR Manager"
"C:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"="C:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe:*:Enabled:PVR Manager"
"C:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"="C:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe:*:Enabled:MediaShare"
"C:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"="C:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe:*:Enabled:Ethernet Converter Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 16 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll"
Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe"
Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\uinstrsc.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 26 Sep 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 16,384 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sun 18 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Wed 7 Jan 2009 616,448 A.SH. --- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\f8rbgkrh.TMP"

Finished!
[ + lainaa]
Hujo
Suspended permanently
_ 		10. helmikuuta 2009 @ 23:26 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
scannaa hjt:llä merkkaa paina Fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing)

================

Lataa ja suorita Norton-poistotyökalu

===============

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

älä asenna palautus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		11. helmikuuta 2009 @ 18:02 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Alla ComboFix-loki

/JK

ComboFix 09-02-10.03 - Administrator 2009-02-11 17:43:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1403 [GMT 2:00]
Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-11 to 2009-02-11 )))))))))))))))))
.

2009-02-10 19:13 . 2009-02-10 19:13 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-10 19:09 . 2009-02-10 19:10 <DIR> d-------- c:\windows\ERUNT
2009-02-09 21:57 . 2009-02-09 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-09 21:56 . 2009-02-09 21:56 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-09 21:56 . 2009-02-09 21:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-03 17:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 17:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 18:12 . 2009-02-02 18:12 0 --a------ c:\windows\CleaningLab.INI
2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\program files\MAGIX
2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2009-02-02 18:09 . 2009-02-02 18:11 <DIR> d-------- c:\windows\system32\MAGIX
2009-02-02 18:09 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
2009-02-02 18:09 . 2009-02-02 18:11 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-30 01:02 . 2009-01-30 01:02 103,488 --a------ c:\windows\system32\drivers\AnyDVD.sys
2009-01-30 00:57 . 2009-01-30 00:57 23,976 --a------ c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-29 23:54 . 2009-01-29 23:54 89,256 --a------ c:\windows\system32\ElbyCDIO.dll
2009-01-29 20:21 . 2009-01-29 20:21 <DIR> d-------- c:\program files\Common Files\onOne Software Shared
2009-01-29 20:21 . 2005-08-21 15:57 227,840 --a------ c:\windows\system32\Deco_32.dll
2009-01-29 19:03 . 2009-02-11 16:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\nView_Wallpaper
2009-01-29 18:47 . 2009-01-29 18:47 0 --a------ c:\windows\msicpl.ini
2009-01-28 22:02 . 2009-01-29 20:21 <DIR> d-------- c:\program files\onOne Software
2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\onOne Software
2009-01-28 22:02 . 2009-01-29 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\onOne Software
2009-01-28 22:02 . 2008-11-10 12:08 57,344 --a------ c:\windows\system32\ASTSRV.EXE
2009-01-27 21:42 . 2009-01-27 21:43 <DIR> d-------- c:\program files\Vuescan
2009-01-27 21:20 . 2009-01-28 18:44 <DIR> d-------- C:\VueScan
2009-01-25 17:21 . 2009-01-27 21:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire
2009-01-25 17:20 . 2009-01-25 17:20 <DIR> d-------- c:\program files\LimeWire
2009-01-23 16:04 . 2009-01-23 16:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-01-22 23:02 . 2009-01-22 23:07 <DIR> d-------- c:\program files\RegCure
2009-01-20 21:05 . 2009-01-30 20:21 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-20 20:21 . 2009-01-20 20:20 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-20 20:13 . 2009-01-20 20:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-18 21:24 . 2009-01-18 21:24 <DIR> d-------- c:\program files\Windows Defender
2009-01-15 19:27 . 2009-01-21 19:30 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-15 19:27 . 2009-01-15 19:27 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 15:31 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2009-02-11 15:06 --------- d-----w c:\program files\SpamEater Pro 4
2009-02-11 15:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-10 19:15 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-09 19:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-08 13:35 --------- d-----w c:\program files\Orbitdownloader
2009-02-06 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 18:41 --------- d-----w c:\program files\SpywareBlaster
2009-02-06 16:34 --------- d-----w c:\program files\a-squared Free
2009-01-31 10:11 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-29 18:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 16:42 --------- d-----w c:\program files\MSI
2009-01-27 19:43 --------- d-----w c:\program files\Vuescan
2009-01-24 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 18:12 --------- d-----w c:\program files\Lavasoft
2009-01-18 17:48 --------- d-----w c:\program files\CCleaner
2009-01-15 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 15:06 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 15:06 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-15 15:06 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-15 15:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-09 15:39 --------- d-----w c:\program files\MRecord
2009-01-07 17:22 --------- d-----w c:\program files\BUFFALO
2009-01-07 15:21 --------- d-----w c:\program files\MMTaskbar
2009-01-07 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-05 15:42 --------- d-----w c:\program files\DynDNS Updater
2009-01-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DynDNS
2008-12-30 19:17 --------- d-----w c:\program files\kjaerulff1
2008-12-30 18:50 --------- d-----w c:\program files\Kjaeruff1
2008-12-26 16:04 --------- d-----w c:\documents and settings\Administrator\Application Data\SlySoft
2008-12-26 15:25 --------- d-----w c:\program files\PowerISO
2008-12-26 14:31 --------- d-----w c:\program files\DVDFab 5
2008-12-26 14:30 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-26 14:30 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2008-12-26 14:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2008-12-26 14:05 --------- d-----w c:\program files\ImgBurn
2008-12-23 14:19 --------- d-----w c:\program files\Common Files\Adobe
2008-12-18 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Digital Support
2008-12-18 20:23 --------- d-----w c:\program files\Digital Support
2008-12-18 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-14 14:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 14:02 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-11-27 18:15 2,148,360 ----a-w c:\documents and settings\Administrator\TRACE_HIBERNATE_1_1.BIN
2005-09-09 16:55 7,155,864 ----a-w c:\program files\NGhost10.msi
2005-09-09 16:55 37,766,164 ----a-w c:\program files\Data1.cab
2005-09-09 16:55 35 ----a-w c:\program files\SCSSDist.ini
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-08-27 17:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-29 509784]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"MSI Live"="c:\program files\MSI\MSI Live\SetWallpaper.exe" [2005-11-10 212992]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-01-07 192512]
DynDNS Updater.lnk - c:\program files\DynDNS Updater\DynUpPs.exe [2008-06-23 94208]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2007-11-19 180224]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-20 692224]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-10-05 1711304]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-18 1019961]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-15 17:06 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-25 19:11 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 10:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"=
"c:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"=
"c:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"=
"c:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-07-15 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-12-26 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-12-26 10240]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-15 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-15 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-15 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-15 1339600]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009-01-07 28160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2007-11-18 4224]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-19 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-19 8320]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [2003-08-26 41996]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-10 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 20:21]

2009-02-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-02-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 20:55]

2009-01-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 20:55]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKCU-Run-AdobeBridge - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe


.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.ulvila.fi
mStart Page = hxxp://www.ulvila.fi
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftq6vobq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ulvila.fi
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

---- FIREFOXIN KÄYTÄNNÖT ----

FF - user.js: network.http.pipelining - false
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: network.http.proxy.pipelining - false.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 17:44:56
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}*]
"hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67,
6f,62,6c,65,6e,65,6e,6f,66,6f,6a,6c,00,00
"jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d,
70,65,6b,6f,69,64,64,64,61,63,65,6a,62,6f,6d,70,64,66,62,6d,65,6a,70,00,00
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(2000)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Valmistumisajankohta: 2009-02-11 17:46:34
ComboFix-quarantined-files.txt 2009-02-11 15:46:32

Ennen ajoa: 47 553 081 344 bytes free
Ajon jälkeen: 47,564,398,592 bytes free

287 --- E O F --- 2009-02-09 15:20:07
[ + lainaa]
juhko
Newbie
_ 		11. helmikuuta 2009 @ 20:43 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Sama ruljanssi alkoi taas eli vielä ei ole ongelma poistunut.
[ + lainaa]
Hujo
Suspended permanently
_ 		12. helmikuuta 2009 @ 00:45 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
scannaa uusi hjt:n loki

Luo poistolista:
? Avaa HiJackThis
? Klikkaa "Configure" valintaa oikealla alhaalla
? Klikkaa "Misc Tools"
? Klikkaa boxia joka sanoo "Uninstall Manager"
? Klikkaa valintaa "Save list"
? Kopioi ja liitä kyseinen lista muistiosta ketjuusi

[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		12. helmikuuta 2009 @ 17:13 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Alla Uninstall-loki

/JK

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.42
ABITEQ
Ad-Aware
Ad-Aware
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced WindowsCare Personal
AnyDVD
a-squared Free 3.0
AVG 8.0
BUFFALO Ethernet Converter Manager
Bullzip PDF Printer 6.0.0.695
Canon iP4300
Canon iP4300 -käyttäjän rekisteröinti
Canon PhotoRecord
Canon Setup Utility 2.3
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CDDRV_Installer
CD-LabelPrint
CloneDVD2
CloneDVDmobile
Connect
DVD Flick
DVD Shrink 3.2
DVDAuthorGUI (remove only)
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
DynDNS Updater
Easy CD-DA Extractor 11
Easy-WebPrint
EmoDio
EmoDio
EPSON SMART PANEL for Scanner
EPSON TWAIN 5
FlashMenu
FocalPoint 1.0.2
Garmin City Navigator Europe NT 2008 Update
Garmin POI Loader
Garmin WebUpdater
Genuine Fractals 5.0
GPL Ghostscript Lite 8.61
Hardware sensors monitor 4.4
HD Tune 2.54
HDD Health v3.3 Beta
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
IKEA Home Planner
IMatch 3.6
ImgBurn
Intel(R) PRO Network Adapters and Drivers
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalInstallWrapper
kuler
Lightroom
Logitech SetPoint
Magic DVD Ripper V4.3.1
MAGIX Audio Cleaning Lab 14 Trial 9.0.2.0 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Baseline Security Analyzer 2.1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Media 1.0 SP1
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.19)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MyFreeCodec
Nero 7 Ultra Edition
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Map Loader
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
Orbit Downloader
PC Connectivity Solution
PC Fixer
PDF Settings CS4
Photo Sorter 1.2.0.68
Photoshop Camera Raw
PoiEdit
PowerISO
PowerQuest PartitionMagic 8.0
PVRManager
QuickTime Alternative 1.81
Realtek AC'97 Audio
RegCure 1.5.1.3
SATARaid
SDP Downloader
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Visio 2007 (KB947590)
SpamEater Pro 4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.1
Suite Shared Configuration CS4
SUPER © Version 2008.bld.33 (Sep 2, 2008)
SUPERAntiSpyware Free Edition
SyncBack
Topfield Windows Applications
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VideoLAN VLC media player 0.8.6c
ViewSonic Monitor Drivers
Windows Defender
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Imaging Component
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinISO v5.3
WinRAR archiver
WinZip 11.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VueScan
Xilisoft DVD Ripper Ultimate
XviD MPEG-4 Video Codec
[ + lainaa]
Hujo
Suspended permanently
_ 		12. helmikuuta 2009 @ 17:47 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Poista lisää poista sovelutuksesta

a-squared Free 3.0
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition

=================

Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio

Lainaus:
Folder::
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
c:\program files\a-squared Free
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

Tallenna se nimellä CFScript.txt työpöydälle

Sitten raahaa CFScript ComboFix.exeen kuten alla.




Laita tuleva loki tänne.

Sammutat ja käynnistät koneen

[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		12. helmikuuta 2009 @ 19:59 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Alla loki

/JK

ComboFix 09-02-12.01 - Administrator 2009-02-12 19:49:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT 2:00]
Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-12 to 2009-02-12 )))))))))))))))))
.

2009-02-11 20:08 . 2009-02-12 17:27 1,374 --a------ c:\windows\imsins.BAK
2009-02-10 19:13 . 2009-02-10 19:13 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-10 19:09 . 2009-02-10 19:10 <DIR> d-------- c:\windows\ERUNT
2009-02-09 21:57 . 2009-02-09 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-09 21:56 . 2009-02-12 19:43 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-09 21:56 . 2009-02-12 19:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-03 17:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 17:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 18:12 . 2009-02-02 18:12 0 --a------ c:\windows\CleaningLab.INI
2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\program files\MAGIX
2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2009-02-02 18:09 . 2009-02-02 18:11 <DIR> d-------- c:\windows\system32\MAGIX
2009-02-02 18:09 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
2009-02-02 18:09 . 2009-02-02 18:11 5,937 --a------ c:\windows\mgxoschk.ini
2009-01-30 01:02 . 2009-01-30 01:02 103,488 --a------ c:\windows\system32\drivers\AnyDVD.sys
2009-01-30 00:57 . 2009-01-30 00:57 23,976 --a------ c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-29 23:54 . 2009-01-29 23:54 89,256 --a------ c:\windows\system32\ElbyCDIO.dll
2009-01-29 20:21 . 2009-01-29 20:21 <DIR> d-------- c:\program files\Common Files\onOne Software Shared
2009-01-29 20:21 . 2005-08-21 15:57 227,840 --a------ c:\windows\system32\Deco_32.dll
2009-01-29 19:03 . 2009-02-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\nView_Wallpaper
2009-01-29 18:47 . 2009-01-29 18:47 0 --a------ c:\windows\msicpl.ini
2009-01-28 22:02 . 2009-01-29 20:21 <DIR> d-------- c:\program files\onOne Software
2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\onOne Software
2009-01-28 22:02 . 2009-01-29 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\onOne Software
2009-01-28 22:02 . 2008-11-10 12:08 57,344 --a------ c:\windows\system32\ASTSRV.EXE
2009-01-27 21:42 . 2009-01-27 21:43 <DIR> d-------- c:\program files\Vuescan
2009-01-27 21:20 . 2009-01-28 18:44 <DIR> d-------- C:\VueScan
2009-01-25 17:21 . 2009-01-27 21:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire
2009-01-23 16:04 . 2009-01-23 16:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-01-22 23:02 . 2009-01-22 23:07 <DIR> d-------- c:\program files\RegCure
2009-01-20 21:05 . 2009-01-30 20:21 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-20 20:21 . 2009-01-20 20:20 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-20 20:13 . 2009-01-20 20:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-18 21:24 . 2009-01-18 21:24 <DIR> d-------- c:\program files\Windows Defender
2009-01-15 19:27 . 2009-01-21 19:30 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-15 19:27 . 2009-01-15 19:27 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 17:48 --------- d-----w c:\program files\SpamEater Pro 4
2009-02-12 17:43 --------- d-----w c:\program files\Orbitdownloader
2009-02-12 17:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-12 17:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 17:41 --------- d-----w c:\program files\Java
2009-02-12 17:38 --------- d-----w c:\program files\a-squared Free
2009-02-12 17:29 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-12 17:14 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2009-02-12 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 16:07 --------- d-----w c:\program files\MSI
2009-02-11 15:05 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-06 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 18:41 --------- d-----w c:\program files\SpywareBlaster
2009-01-31 10:11 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-29 18:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 19:43 --------- d-----w c:\program files\Vuescan
2009-01-20 18:12 --------- d-----w c:\program files\Lavasoft
2009-01-18 17:48 --------- d-----w c:\program files\CCleaner
2009-01-15 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 15:06 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 15:06 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-15 15:06 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-15 15:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-09 15:39 --------- d-----w c:\program files\MRecord
2009-01-07 17:22 --------- d-----w c:\program files\BUFFALO
2009-01-07 15:21 --------- d-----w c:\program files\MMTaskbar
2009-01-07 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-05 15:42 --------- d-----w c:\program files\DynDNS Updater
2009-01-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DynDNS
2008-12-30 19:17 --------- d-----w c:\program files\kjaerulff1
2008-12-30 18:50 --------- d-----w c:\program files\Kjaeruff1
2008-12-26 16:04 --------- d-----w c:\documents and settings\Administrator\Application Data\SlySoft
2008-12-26 15:25 --------- d-----w c:\program files\PowerISO
2008-12-26 14:31 --------- d-----w c:\program files\DVDFab 5
2008-12-26 14:30 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-26 14:30 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2008-12-26 14:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2008-12-26 14:05 --------- d-----w c:\program files\ImgBurn
2008-12-23 14:19 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-18 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Digital Support
2008-12-18 20:23 --------- d-----w c:\program files\Digital Support
2008-12-18 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-14 14:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-11-27 18:15 2,148,360 ----a-w c:\documents and settings\Administrator\TRACE_HIBERNATE_1_1.BIN
2005-09-09 16:55 7,155,864 ----a-w c:\program files\NGhost10.msi
2005-09-09 16:55 37,766,164 ----a-w c:\program files\Data1.cab
2005-09-09 16:55 35 ----a-w c:\program files\SCSSDist.ini
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-08-27 17:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-11_17.45.17,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2009-01-15 15:19:19 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 15:28:24 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-15 15:19:21 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 15:28:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-15 15:19:20 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-12 15:28:25 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-15 15:19:20 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-12 15:28:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-15 15:19:21 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 15:28:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-15 15:19:21 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 15:28:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-15 15:19:21 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 15:28:26 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-15 15:19:20 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 15:28:26 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-15 15:19:20 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 15:28:26 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-15 15:19:21 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 15:28:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-15 15:19:21 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 15:28:26 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-15 15:19:20 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 15:28:25 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2009-02-12 17:12:57 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_3c0.dat
- 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 19:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 19:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-26 08:40:02 78,304 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-11 18:09:01 71,250 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 08:40:02 462,228 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-11 18:09:01 441,184 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-29 509784]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DynDNS Updater.lnk - c:\program files\DynDNS Updater\DynUpPs.exe [2008-06-23 94208]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2007-11-19 180224]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-20 692224]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-10-05 1711304]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-18 1019961]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-15 17:06 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2009-01-30 18:02 2542528 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-25 19:11 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 10:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 18:43 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"=
"c:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"=
"c:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"=
"c:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-07-15 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-12-26 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-12-26 10240]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-15 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-15 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-15 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-15 1339600]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2007-11-18 4224]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-19 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-19 8320]
S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [2003-08-26 41996]
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-11 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 20:21]

2009-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-02-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 20:55]

2009-01-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 20:55]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe


.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.ulvila.fi
mStart Page = hxxp://www.ulvila.fi
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftq6vobq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ulvila.fi
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

---- FIREFOXIN KÄYTÄNNÖT ----

FF - user.js: network.http.pipelining - false
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.pipelining - false
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: network.http.proxy.pipelining - false.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 19:52:02
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}*]
"hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67,
6f,62,6c,65,6e,65,6e,6f,66,6f,6a,6c,00,00
"jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d,
70,65,6b,6f,69,64,64,64,61,63,65,6a,62,6f,6d,70,64,66,62,6d,65,6a,70,00,00
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Valmistumisajankohta: 2009-02-12 19:53:44
ComboFix-quarantined-files.txt 2009-02-12 17:53:42
ComboFix2.txt 2009-02-11 15:46:35

Ennen ajoa: 47 522 033 664 bytes free
Ajon jälkeen: 47,507,849,216 bytes free

454 --- E O F --- 2009-02-12 15:28:29
[ + lainaa]
Hujo
Suspended permanently
_ 		12. helmikuuta 2009 @ 20:15 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio

Lainaus:
Folder::
c:\program files\SUPERAntiSpyware
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\program files\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
c:\program files\a-squared Free
c:\program files\Common Files\Symantec Shared

Tallenna se nimellä CFScript.txt työpöydälle

Sitten raahaa CFScript ComboFix.exeen kuten alla.




combofix työstää tulee sininen taulu paina numeroa 1 ja enter

Laita tuleva loki tänne.

Sammutat ja käynnistät koneen

=================

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.
4. Asenna uusin Java päivitys seuraavasta linkistä..

Lataa täältä uusi java

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 12
Paina Download
Laita Platform -kohtaan Windows
Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue
Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe

Tallenna tiedosto vaikka työpöydälle ja asenna se.

5. Käynnistä kone uudelleen asennuksen jälkeen.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja:
* Applications and Applets
* Trace and Log Files

Ja paina OK -nappia
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically
Valitse Never check
11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.

[ + lainaa]
Voiko tietsikka koskaan toimia?

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 12. helmikuuta 2009 @ 20:18
juhko
Newbie
_ 		12. helmikuuta 2009 @ 20:30 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Javapoisto-loki

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Feb 12 20:29:06 2009

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.
[ + lainaa]
Hujo
Suspended permanently
_ 		12. helmikuuta 2009 @ 20:33 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Mikäs on sen koneen toiminta
[ + lainaa]
Voiko tietsikka koskaan toimia?
juhko
Newbie
_ 		12. helmikuuta 2009 @ 21:06 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Näyttäisi pysyvän irti scrollauksesta.

Kiitoksia neuvoista

/JK
[ + lainaa]
Mainos
_ 		__
 
_
Hujo
Suspended permanently
_ 		12. helmikuuta 2009 @ 21:46 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
kirjoita suorita luukkuun

ComboFix /u

klikkaa ok
[ + lainaa]
Voiko tietsikka koskaan toimia?
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > firefox sekoaa
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy