I got some nasties on my computer; at the login stage a blue screen appeared with the text "warning your computer.." and so on. I ran the following programs: Antimalware, SDFix, Smitfraud and ComboFix. The internet did not work because something was blocking it, but now it works OK. Antimalware removed several viruses. Now, however, the problem is the display. At login there is still a blue background (too bright a blue), and installing the display drivers does not succeed; or rather, it installs the Nvidia drivers, but the settings show MSI menus. Is something still lurking in the background? P.S. Antimalware found nothing on a rescan.
Post the logs of the programs you used in this thread. The ComboFix log is at C:/Combofix.txt. The SDFix log is in the SDFix folder, named Report.txt. The Smitfraud log is at C:\rapport.txt. The Antimalware log can be found by opening the program and going to the Logs section; look for the log where it found those nasties.
Here are the logs:
--- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\CATC USB Ethernet\Elndis.sys" Wed 14 Aug 2002 33,149 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\CATC USB Ethernet\Usbd.sys" Wed 14 Aug 2002 47,826 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPI1394.SYS" Wed 14 Aug 2002 35,340 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPI2DOS.SYS" Wed 14 Aug 2002 14,378 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPI4DOS.SYS" Wed 14 Aug 2002 37,984 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPI8DOS.SYS" Wed 14 Aug 2002 44,828 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPI8U2.SYS" Wed 14 Aug 2002 29,628 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPICD.SYS" Wed 14 Aug 2002 49,750 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPIEHCI.SYS" Wed 14 Aug 2002 49,242 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPIOHCI.SYS" Wed 14 Aug 2002 50,606 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\ASPIUHCI.SYS" Wed 14 Aug 2002 161,792 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\BOOTSRV.SYS" Wed 14 Aug 2002 174,080 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\bootsrv16.sys" Wed 14 Aug 2002 21,971 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\BTCDROM.SYS" Wed 14 Aug 2002 30,955 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\BTDOSM.SYS" Wed 14 Aug 2002 202,517 ...H. 
--- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\CMDS.EXE" Wed 14 Aug 2002 374,038 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\CMDS16.EXE" Wed 14 Aug 2002 22,158 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\COUNTRY.SYS" Wed 14 Aug 2002 1,608 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\DEVICE.COM" Wed 14 Aug 2002 15,345 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\DISPLAY.SYS" Wed 14 Aug 2002 7,840 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\DLSHELP.SYS" Wed 14 Aug 2002 56,821 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\E.EXE" Wed 14 Aug 2002 64,425 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\FLASHPT.SYS" Wed 14 Aug 2002 32,396 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\GUEST.EXE" Wed 14 Aug 2002 14,160 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\HIMEM.SYS" Wed 14 Aug 2002 10,898 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\KEYB.COM" Wed 14 Aug 2002 53,556 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\KEYBOARD.SYS" Wed 14 Aug 2002 15,777 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\MODE.COM" Wed 14 Aug 2002 37,681 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\MOUSE.COM" Wed 14 Aug 2002 354,304 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\msbootsrv16.sys" Wed 14 Aug 2002 21,180 ...H. 
--- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\MSCDEX.EXE" Wed 14 Aug 2002 354,263 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\Net.exe" Wed 14 Aug 2002 8,513 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\NETBIND.COM" Wed 14 Aug 2002 41,302 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\OAKCDROM.SYS" Wed 14 Aug 2002 129,240 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\OHCI.EXE" Wed 14 Aug 2002 28,439 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\Paralink.com" Wed 14 Aug 2002 13,770 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\PROTMAN.EXE" Wed 14 Aug 2002 130,980 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\UHCI.EXE" Wed 14 Aug 2002 11,854 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DEC EtherWorks ISA (DE305) Packet\DE305.COM" Wed 14 Aug 2002 52,715 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DEC EtherWORKS DE450 Packet\DE450.COM" Wed 14 Aug 2002 62,391 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DEC EtherWORKS DE500 Packet\DE500.COM" Wed 14 Aug 2002 17,043 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DLink DE400 Packet\De400pd.com" Wed 14 Aug 2002 17,791 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DLink DT620 Packet\Dt620pd.com" Wed 14 Aug 2002 11,491 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\DLink DMF560-TX Packet\Lmpd.com" Wed 14 Aug 2002 11,786 ...H. 
--- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\IBM Crystal LAN Packet\Epktisa.com" Wed 14 Aug 2002 18,300 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Kingston EtheRx KNE110TX Packet\Ktc110p.com" Wed 14 Aug 2002 48,224 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Laneed LD 10-100AL Packet\L100al.com" Wed 14 Aug 2002 9,190 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Laneed LD-PCI2TL Packet\Ldpcil.com" Wed 14 Aug 2002 13,360 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Laneed LD-CDF Packet\Ldcdt.com" Wed 14 Aug 2002 12,567 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Melco LPC2-T\Lpchkat2.com" Wed 14 Aug 2002 44,640 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com" Wed 14 Aug 2002 44,640 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM" Wed 14 Aug 2002 56,896 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com" Wed 14 Aug 2002 9,692 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\PXE Packet Driver\Undipd.com" Wed 14 Aug 2002 9,537 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\SN 2000p Packet\PNPPD.COM" Wed 14 Aug 2002 32,484 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\WaveLAN Packet\Wvlan42.com" Wed 14 Aug 2002 48,641 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom Ethernet II PS\Xpsndis.exe" Wed 14 Aug 2002 52,225 ...H. 
--- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom Ethernet 10-100 + Modem\Cbendis.exe" Wed 14 Aug 2002 48,491 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom RE10BT\Ce3ndis.exe" Wed 14 Aug 2002 48,223 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom CBE10-100BTX Packet\Cbepd.com" Wed 14 Aug 2002 49,015 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom Ethernet II PS Packet\Xpspd.com" Wed 14 Aug 2002 50,175 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe" Wed 14 Aug 2002 50,795 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom CBE10-100BTX\Cbendis.exe" Wed 14 Aug 2002 50,405 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom RE10 - RE100 Packet\Ce3pd.com" Wed 14 Aug 2002 33,860 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\Xircom PE3-10Bx\Pe3ndis.exe" Sun 7 Sep 2003 0 ...H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp" Wed 14 Aug 2002 53,786 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\pcdos\command.com" Wed 14 Aug 2002 44,240 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\pcdos\IBMBIO.COM" Wed 14 Aug 2002 42,550 ...H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\template\common\pcdos\IBMDOS.COM" Finished! 
SmitFraudFix v2.339

Scan done at 10:08:50,29, su 24.08.2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juki

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\juki\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\juki\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{47EBE050-386D-45A9-8F37-B81E59057B3D}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1078
Windows 5.1.2600 Service Pack 3

16:38:53 23.8.2008
mbam-log-08-23-2008 (16-38-53).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 74980
Kulunut aika: 12 minute(s), 11 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 6

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\hgGvvVlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\28cce2b.sys (Rootkit.Agent) -> Delete on reboot.
C:\accq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpp4j0ee51.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Over the past two days I have run various scanners, and now everything seems to work OK, but at login the colour of the login screen is somehow too bright a blue. The scanners did not find any new infections. The virus had copied some folder and an autorun.exe file onto four hard drives. These have been removed. I haven't had time to go through the HJT log yet to see whether there is still something in it. The odd thing is the slow startup of Win XP: CPU load is only around 25%, but the hard disk rattles constantly and startup seems to take about 3 min. Norton 360 is running in the background, which certainly eats up the machine's resources.