HJT log review

Discussion in 'Viruses and malware - HijackThis logs' started by ocelot007, Feb 14, 2008.

  1. ocelot007

    ocelot007 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:05:36, on 14.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: OP_CACHE.ATR (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OP_CACHE.IDX (User 'SYSTEM')
    O4 - .DEFAULT Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT Startup: OP_CACHE.IDX (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.IDX (User 'Default user')
    O4 - Startup: OP_CACHE.ATR
    O4 - Startup: OP_CACHE.IDX
    O4 - Global Startup: OP_CACHE.ATR
    O4 - Global Startup: OP_CACHE.IDX
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199727961078
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11565 bytes
     
  2. Hujo

    Hujo Guest

    1. Start Spybot-S&D in Advanced mode
    2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
    3. Click Tools on the left
    4. Click Resident in the list
    5. Uncheck "Resident TeaTimer" and press OK.
    6. Restart the computer.

    ====
    Remove via Add/Remove Programs

    ZoneAlarmSB
    The_Pirate_Bay Toolbar

    Delete these folders in Safe Mode

    C:\Program Files\The_Pirate_Bay
    C:\Program Files\ZoneAlarmSB

    ===============

    Instructions for using AVG Anti-Spyware 7.5
    Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would interfere with, for example, the HijackThis tool.

    Save these instructions to a text file or print them, otherwise you will not be able to access them from Safe Mode

    Download AVG Anti-Spyware 7.5
    and save the program to your desktop.
    o Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
    o After installation, the program must be started and its definitions updated.
    o Start AVG Anti-Spyware.
    o Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    o Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    o Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    o Then under the "Reports" menu:
    o Check "Automatically generate report after every scan"
    o Uncheck "Only if threats were found"

    o Then click the "Shield" icon at the top of the window
    o "Resident shield is": change the state from active to inactive
    o Close the program, DO NOT scan yet.

    Boot your computer into Safe Mode:
    shut down and start
    during startup, tap F8
    select Safe Mode with the arrow key
    press Enter and Enter

    On some machines you hammer F5 instead of F8

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    o Once in Safe Mode, start AVG Anti-Spyware.
    o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    o Ewido now starts scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    o Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
    o You will be asked what to do if infections were found; choose "Apply all actions"
    o Then click the "Reports" icon at the top of the program.
    o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    o Close the program, start the computer normally and post the AVG report to your thread.

    ===========

    Escan
    Instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download it from here
    http://www.spywareinfo.dk/download/mwav.exe
    update it from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    set the checkboxes as marked
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything appears in the lower pane, copy it like this:
    Use Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    =============

    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v2.03.532 - Standard Build; do NOT install the Yahoo toolbar!

    set the settings like this:
    Options --> Advanced --> Uncheck "Only delete temporary files older than 48 hours".

    run Cleaner > Analyze button > Run Cleaner button, bottom right corner
    run Issues > Scan for registry issues button > Fix registry issues button
     
  3. ocelot007

    ocelot007 Member

    File C:\Documents and Settings\Atte\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Atte\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
     
  4. Hujo

    Hujo Guest

    Scan and take a new HJT log
     
  5. ocelot007

    ocelot007 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:50:59, on 15.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.IDX (User 'Default user')
    O4 - Startup: OP_CACHE.ATR
    O4 - Startup: OP_CACHE.IDX
    O4 - Global Startup: OP_CACHE.ATR
    O4 - Global Startup: OP_CACHE.IDX
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199727961078
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10799 bytes
     
  6. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start
    during startup, hammer the F8 key
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you hammer F5 instead of F8

    o Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    o Open the SDFix folder and double-click RunThis.bat to start the program.
    o Press Y to start the script.
    o The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    o Press any key and the computer restarts.
    o Startup takes longer than normal because SDFix is cleaning the computer.
    o Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    o Then press any key to close the script and load the shortcuts onto the desktop.
    o Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

    =========

    1. Download combofix.exe to your desktop from the link:

    combofix

    2. Double-click combofix.exe and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log to your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    ===============

    Download RustBFix by ejvindh http://www.uploads.ejvindh.net/rustbfix.exe
    and save it to your desktop.

    Double-click rustbfix.exe. If a Rustock.b infection is found, you will shortly be asked to restart the computer. The restart may take a while and you may have to restart the computer a second time. All of this happens automatically. After the restart, two log files open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

    Copy and paste these two log files into your next reply along with a new HijackThis log.
     
    Last edited by a moderator: Feb 15, 2008
  7. ocelot007

    ocelot007 Member

    ************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
    la 16.02.2008 11:36:20,64

    No Rustock.b-rootkits found

    ******************************* End of Logfile ********************************



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:37:12, on 16.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Elisa\Avustaja\Elisa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.IDX (User 'Default user')
    O4 - Startup: OP_CACHE.ATR
    O4 - Startup: OP_CACHE.IDX
    O4 - Global Startup: OP_CACHE.ATR
    O4 - Global Startup: OP_CACHE.IDX
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199727961078
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11135 bytes


    SDFix: Version 1.142

    Run by Atte on la 16.02.2008 at 11:00

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\DOCUME~1\Atte\TYPYT~1\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found






    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-16 11:08:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:ac,e3,f1,ca,c0,14,f9,f9,79,24,5b,17,bf,47,53,bc,4e,36,d6,81,0b,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "h0"=dword:00000001
    "hdf12"=hex:6c,00,d0,54,e6,70,76,4c,bd,3a,16,3c,6d,e4,fd,68,cc,5f,52,fe,fe,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:ac,e3,f1,ca,c0,14,f9,f9,79,24,5b,17,bf,47,53,bc,4e,36,d6,81,0b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "h0"=dword:00000001
    "hdf12"=hex:6c,00,d0,54,e6,70,76,4c,bd,3a,16,3c,6d,e4,fd,68,cc,5f,52,fe,fe,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Sat 9 Feb 2008 24 A.SH. --- "C:\WINDOWS\S5AB6BC3A.tmp"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 7 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 7 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 5 Jul 2005 241,664 A..H. --- "C:\Sovellukset\Ajuri\Audio\EXERUN\EXERUN.exe"
    Wed 20 Jul 2005 122,880 A..H. --- "C:\Sovellukset\Ajuri\Audio\EXERUN\Fxdrv.dll"
    Sat 3 Jul 2004 13,440 A..H. --- "C:\Sovellukset\Ajuri\Audio\EXERUN\Fxdrv.sys"
    Mon 27 Sep 2004 62,976 A..H. --- "C:\Sovellukset\Ajuri\Chipset\exerun\DSETUP.dll"
    Sat 23 Jul 2005 241,664 A..H. --- "C:\Sovellukset\Ajuri\Chipset\exerun\EXERUN.exe"
    Wed 20 Jul 2005 122,880 A..H. --- "C:\Sovellukset\Ajuri\Chipset\exerun\Fxdrv.dll"
    Sat 3 Jul 2004 13,440 A..H. --- "C:\Sovellukset\Ajuri\Chipset\exerun\Fxdrv.sys"
    Tue 5 Jul 2005 241,664 A..H. --- "C:\Sovellukset\Ajuri\Lan\EXERUN\EXERUN.exe"
    Wed 20 Jul 2005 122,880 A..H. --- "C:\Sovellukset\Ajuri\Lan\EXERUN\Fxdrv.dll"
    Sat 3 Jul 2004 13,440 A..H. --- "C:\Sovellukset\Ajuri\Lan\EXERUN\Fxdrv.sys"
    Tue 5 Jul 2005 241,664 A..H. --- "C:\Sovellukset\Ajuri\usb20\EXERUN\EXERUN.exe"
    Wed 20 Jul 2005 122,880 A..H. --- "C:\Sovellukset\Ajuri\usb20\EXERUN\Fxdrv.dll"
    Sat 3 Jul 2004 13,440 A..H. --- "C:\Sovellukset\Ajuri\usb20\EXERUN\Fxdrv.sys"
    Tue 5 Jul 2005 241,664 A..H. --- "C:\Sovellukset\Ajuri\VGA\EXERUN\EXERUN.exe"
    Wed 20 Jul 2005 122,880 A..H. --- "C:\Sovellukset\Ajuri\VGA\EXERUN\Fxdrv.dll"
    Sat 3 Jul 2004 13,440 A..H. --- "C:\Sovellukset\Ajuri\VGA\EXERUN\Fxdrv.sys"
    Sat 12 Jan 2008 857 ...HR --- "C:\Documents and Settings\Atte\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!


    ComboFix 08-02-16.2 - Atte 2008-02-16 11:20:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.121 [GMT 2:00]
    Running from: C:\Documents and Settings\Atte\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Atte\Omat tiedostot\Downloads\valmiit\leffat\ycyjc@Hollywood Orgies Jenna Jameson\_desktop.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-16 to 2008-02-16 )))))))))))))))))
    .

    2008-02-16 10:58 . 2008-02-16 10:58 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-02-15 15:59 . 2008-02-15 15:59 0 --a------ C:\23990098.$$$
    2008-02-15 14:11 . 2008-02-15 14:33 <KANSIO> d-------- C:\Kaspersky
    2008-02-15 11:58 . 2008-02-15 11:58 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Grisoft
    2008-02-15 11:58 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-15 11:57 . 2008-02-15 11:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-14 14:23 . 2008-02-16 11:23 2,007,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-14 14:23 . 2008-02-16 10:54 24,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-14 14:20 . 2008-02-14 14:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-14 14:19 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-02-14 14:19 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-02-14 14:18 . 2008-02-14 14:18 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-02-14 13:05 . 2008-02-14 13:05 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-14 13:05 . 2008-02-14 13:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-09 23:41 . 2008-02-10 00:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-02-09 23:36 . 2008-02-10 00:01 <KANSIO> d-------- C:\Program Files\SlySoft
    2008-02-09 23:36 . 2008-02-09 23:41 24 --ahs---- C:\WINDOWS\S5AB6BC3A.tmp
    2008-02-09 20:37 . 2008-02-09 20:37 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\vlc
    2008-02-09 20:34 . 2008-02-09 20:34 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-02-06 15:41 . 2008-02-06 15:41 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Uniblue
    2008-02-06 15:40 . 2008-02-06 15:40 <KANSIO> d-------- C:\Program Files\Uniblue
    2008-02-03 20:24 . 2008-02-03 20:24 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-03 18:14 . 2008-02-03 18:14 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\dvdcss
    2008-02-01 20:24 . 2008-02-01 20:25 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-02-01 20:24 . 2008-02-01 20:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-01 20:23 . 2008-02-01 20:23 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-02-01 20:23 . 2008-02-01 20:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-01 14:35 . 2008-02-01 14:35 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
    2008-01-27 20:18 . 2008-01-27 20:18 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
    2008-01-27 20:17 . 2008-01-27 20:17 <KANSIO> d-------- C:\Program Files\directx
    2008-01-27 20:17 . 2008-01-27 20:17 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2008-01-27 20:17 . 2008-01-27 20:17 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2008-01-27 20:17 . 2008-01-27 20:17 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2008-01-27 20:10 . 2008-01-27 20:10 <KANSIO> d-------- C:\Program Files\Warthog
    2008-01-27 16:06 . 2008-01-27 16:06 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-01-27 16:05 . 2008-02-14 15:12 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\uTorrent
    2008-01-26 21:51 . 2008-01-26 21:51 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-01-26 21:48 . 2008-01-26 21:48 <KANSIO> d-------- C:\Program Files\Lavalys
    2008-01-26 21:08 . 2008-01-26 21:08 <KANSIO> d-------- C:\Program Files\Blender Foundation
    2008-01-26 19:53 . 2008-01-26 19:53 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\DAEMON Tools Pro
    2008-01-26 18:50 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
    2008-01-26 15:22 . 2008-01-26 15:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-01-26 15:12 . 2008-01-26 15:12 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-26 13:03 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-26 13:03 . 2007-12-04 15:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe
    2008-01-26 13:03 . 2004-01-09 12:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
    2008-01-26 13:03 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-26 13:03 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-26 13:03 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-26 13:03 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-26 13:03 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-26 13:03 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-26 13:02 . 2008-01-26 13:02 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-01-26 13:00 . 2008-01-26 13:00 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-01-26 13:00 . 2008-01-26 13:00 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-26 13:00 . 2008-01-26 18:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-26 12:54 . 2008-01-26 13:50 624 -rahs---- C:\WINDOWS\system32\drivers\OP_CACHE.ATR
    2008-01-26 12:54 . 2008-01-26 13:50 312 -rahs---- C:\WINDOWS\system32\drivers\OP_CACHE.IDX
    2008-01-26 12:53 . 2008-01-26 13:11 144 -rahs---- C:\OP_CACHE.ATR
    2008-01-26 12:53 . 2008-01-26 13:11 72 -rahs---- C:\OP_CACHE.IDX
    2008-01-26 12:50 . 2008-01-26 13:48 18,432 -rahs---- C:\WINDOWS\system32\OP_CACHE.ATR
    2008-01-26 12:50 . 2008-01-26 13:48 9,216 -rahs---- C:\WINDOWS\system32\OP_CACHE.IDX
    2008-01-26 12:50 . 2008-01-26 13:48 480 -rahs---- C:\WINDOWS\OP_CACHE.ATR
    2008-01-26 12:50 . 2008-01-26 12:55 240 -rahs---- C:\WINDOWS\OP_CACHE.IDX
    2008-01-26 11:43 . 2008-01-26 11:45 <KANSIO> d-------- C:\Program Files\Winamp
    2008-01-26 11:43 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Winamp
    2008-01-25 18:05 . 2008-01-26 11:12 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\skypePM
    2008-01-25 18:05 . 2008-01-25 18:05 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-25 17:50 . 2008-01-26 13:15 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\Skype
    2008-01-25 17:49 . 2008-01-25 17:49 <KANSIO> d-------- C:\Program Files\Skype
    2008-01-25 17:49 . 2008-01-26 13:32 <KANSIO> d-------- C:\Program Files\Common Files\Skype
    2008-01-25 17:49 . 2008-01-25 17:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-25 12:13 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-01-25 12:13 . 2007-12-07 18:28 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
    2008-01-25 12:13 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-01-25 09:25 . 2008-01-25 09:25 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-01-25 07:16 . 2008-01-25 07:16 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2008-01-24 22:03 . 2008-01-24 22:03 <KANSIO> d-------- C:\Uusi kansio
    2008-01-20 12:43 . 2008-01-20 12:43 <KANSIO> d-------- C:\Program Files\Conduit
    2008-01-20 11:51 . 2008-02-14 23:07 <KANSIO> d-------- C:\Program Files\DC++
    2008-01-20 11:28 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2008-01-20 11:23 . 2008-01-20 11:27 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-19 20:48 . 2008-01-26 12:49 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
    2008-01-19 20:15 . 2008-01-26 10:48 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-19 20:14 . 2008-01-19 20:14 <KANSIO> d-------- C:\Program Files\Common Files\PC Tools
    2008-01-19 20:14 . 2008-01-19 20:14 185,824 --a------ C:\WINDOWS\system32\0e46.sys
    2008-01-19 20:13 . 2008-01-19 20:13 2,021,790 --a------ C:\WINDOWS\system32\1575.mht
    2008-01-19 20:10 . 2008-01-19 20:10 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Työpöytä
    2008-01-19 20:10 . 2008-01-19 20:10 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
    2008-01-19 20:08 . 2008-01-26 13:51 <KANSIO> d-------- C:\Program Files\PhishGuard
    2008-01-19 20:08 . 2008-01-26 13:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PhishGuard
    2008-01-19 20:07 . 2008-01-19 20:07 <KANSIO> d-------- C:\Program Files\SiteAdvisor
    2008-01-19 20:07 . 2008-01-19 20:07 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
    2008-01-19 20:07 . 2008-01-19 20:07 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-01-19 20:06 . 2008-01-26 13:10 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\SiteAdvisor
    2008-01-19 20:06 . 2008-01-26 13:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-01-19 20:03 . 2008-01-19 20:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-19 00:15 . 2008-01-26 12:50 <KANSIO> d-------- C:\Program Files\Paint.NET
    2008-01-18 21:33 . 2008-01-18 21:33 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-01-18 21:32 . 2008-01-26 13:11 <KANSIO> d-------- C:\Documents and Settings\Atte\Application Data\WinPatrol

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 09:12 --------- d-----w C:\Program Files\lg_fwupdate
    2008-02-15 20:54 1,370,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-02-15 20:54 1,184,256 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-02-15 10:02 209,920 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-02-15 09:32 863,744 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-02-15 09:32 1,351,680 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-02-14 21:36 2,628,096 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-02-14 21:36 1,372,160 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-02-14 15:13 1,330,688 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-02-14 15:13 1,294,336 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-02-14 15:12 --------- d-----w C:\Documents and Settings\Atte\Application Data\BitTorrent
    2008-02-14 12:33 244,736 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-02-12 12:30 --------- d-----w C:\Documents and Settings\Atte\Application Data\OpenOffice.org2
    2008-02-09 18:37 --------- d-----w C:\Documents and Settings\Atte\Application Data\vlc
    2008-02-09 18:34 --------- d-----w C:\Program Files\VideoLAN
    2008-02-07 21:16 --------- d-----w C:\Program Files\EvilLyrics
    2008-02-05 16:45 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-04 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-26 16:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-01-26 16:58 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2008-01-26 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-26 11:37 --------- d-----w C:\Program Files\Oca History Tool
    2008-01-26 11:05 --------- d-----w C:\Documents and Settings\Atte\Application Data\AdobeUM
    2008-01-26 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-26 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-26 10:54 1,944 --sha-r C:\WINDOWS\Fonts\OP_CACHE.IDX
    2008-01-26 10:50 --------- d-----w C:\Program Files\WinRAR
    2008-01-26 10:50 --------- d-----w C:\Program Files\Windows NT
    2008-01-26 10:50 --------- d-----w C:\Program Files\Windows Media Player
    2008-01-26 10:50 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-26 10:50 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-01-26 10:49 --------- d-----w C:\Program Files\Google
    2008-01-26 10:49 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-01-26 10:49 --------- d-----w C:\Program Files\DNA
    2008-01-26 10:49 --------- d-----w C:\Program Files\Darkeden
    2008-01-26 10:49 --------- d-----w C:\Program Files\BitTorrent
    2008-01-26 10:49 --------- d-----w C:\Program Files\BitComet
    2008-01-26 10:49 --------- d-----w C:\Program Files\AvRack
    2008-01-26 10:35 --------- d-----w C:\Documents and Settings\Atte\Application Data\Lavasoft
    2008-01-25 10:13 --------- d-----w C:\Program Files\ffdshow
    2008-01-24 21:27 --------- d-----w C:\Program Files\Online TV Player 4
    2008-01-19 17:22 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-01-19 16:17 --------- d-----w C:\Program Files\Nokia
    2008-01-18 22:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-14 19:36 --------- d-----w C:\Program Files\Sierra
    2008-01-13 19:58 --------- d-----w C:\Program Files\Penumbra
    2008-01-13 13:29 --------- d-----w C:\Documents and Settings\Atte\Application Data\DNA
    2008-01-12 20:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-01-12 10:18 --------- d--h--r C:\Documents and Settings\Atte\Application Data\SecuROM
    2008-01-11 18:54 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-11 18:52 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-01-11 18:21 --------- d-----w C:\Program Files\IObit
    2008-01-11 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-01-11 15:18 --------- d-----w C:\Documents and Settings\Atte\Application Data\Nokia
    2008-01-11 15:17 --------- d-----w C:\Program Files\DIFX
    2008-01-11 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-01-11 14:49 --------- d-----w C:\Documents and Settings\Atte\Application Data\Simply Super Software
    2008-01-11 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-01-11 11:31 --------- d-----w C:\Program Files\Windows Defender
    2008-01-11 11:30 --------- d-----w C:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-01-11 10:40 --------- d-----w C:\Documents and Settings\Atte\Application Data\CyberLink
    2008-01-11 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-01-11 10:35 --------- d-----w C:\Program Files\CyberLink
    2008-01-10 22:53 --------- d-----w C:\Program Files\Microsoft Games
    2008-01-09 14:18 --------- d-----w C:\Documents and Settings\Atte\Application Data\PC Suite
    2008-01-08 19:47 --------- d-----w C:\Program Files\CCleaner
    2008-01-08 17:40 --------- d-----w C:\Program Files\Infogrames
    2008-01-08 17:22 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-01-08 17:04 --------- d-----w C:\Documents and Settings\Atte\Application Data\Ahead
    2008-01-08 16:57 --------- d-----w C:\Program Files\Windows Live
    2008-01-08 16:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-08 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-08 15:59 --------- d-----w C:\Program Files\Elisa
    2008-01-08 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Emotum
    2008-01-08 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elisa
    2008-01-08 14:59 --------- d-----w C:\Program Files\Reference Assemblies
    2008-01-08 14:59 --------- d-----w C:\Program Files\MSBuild
    2008-01-08 12:15 --------- d-----w C:\Program Files\Java
    2008-01-08 12:09 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-07 19:08 --------- d-----w C:\Program Files\Battlefront
    2008-01-07 19:06 --------- d-----w C:\Program Files\OpenOffice.org 2.0
    2008-01-07 19:04 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-07 18:53 --------- d-----w C:\Program Files\GIMP-2.0
    2008-01-07 18:52 --------- d-----w C:\Program Files\Common Files\GTK
    2008-01-07 18:43 --------- d-----w C:\Program Files\WinZip
    2008-01-07 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-01-07 17:36 --------- d-----w C:\Program Files\Nero
    2008-01-07 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-07 17:11 --------- d-----w C:\Documents and Settings\Atte\Application Data\ATI
    2008-01-07 17:09 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-07 17:09 --------- d-----w C:\Program Files\ATI Technologies
    2008-01-07 17:06 --------- d-----w C:\Program Files\S3
    2007-12-28 02:09 --------- d-----w C:\Program Files\Realtek AC97
    2007-12-28 02:09 --------- d-----w C:\Program Files\Microsoft Works
    2007-12-28 02:08 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink
    2007-12-18 09:51 179,584 -c--a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Perheturva\fssbho.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 05:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-07 21:11 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 14:42 212992]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 12:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 15:15 189768]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-01-11 00:47 249856]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 23:03 36640]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 05:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    C:\Documents and Settings\Atte\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    OP_CACHE.ATR [2008-01-26 12:52:29 24]
    OP_CACHE.IDX [2008-01-26 12:52:29 12]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    OP_CACHE.ATR [2008-01-26 13:47:05 48]
    OP_CACHE.IDX [2008-01-26 13:47:05 24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
    R2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" [2007-12-17 11:13]
    S3 0e46;0e46;C:\WINDOWS\system32\0e46.sys [2008-01-19 20:14]
    S3 FXDRV;FXDRV;D:\Fxdrv.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-02-01 18:23:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-16 09:09:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-02-15 20:32:36 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-16 11:24:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-16 11:24:56
    ComboFix-quarantined-files.txt 2008-02-16 09:24:51
    .
    2008-02-13 14:17:58 --- E O F ---
     
  8. Hujo

    Hujo Guest

    What are these?

    O4 - S-1-5-18 Startup: OP_CACHE.ATR (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OP_CACHE.IDX (User 'SYSTEM')
    O4 - .DEFAULT Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT Startup: OP_CACHE.IDX (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.ATR (User 'Default user')
    O4 - .DEFAULT User Startup: OP_CACHE.IDX (User 'Default user')
    O4 - Startup: OP_CACHE.ATR
    O4 - Startup: OP_CACHE.IDX
    O4 - Global Startup: OP_CACHE.ATR
    O4 - Global Startup: OP_CACHE.IDX
     
  9. ocelot007

    ocelot007 Member

    I can't say what those are. Should I do something about them?
     
  10. Hujo

    Hujo Guest

    Fix them away.
     
