"Olet voinut joutua ohjelmistoväärennyksen uhriksi", tämä herja näkyy ja häiritsee työpöydällä ja popuppina. Joskus tuntuu, että kone kaatuu tämän takia. Onko mahdollista? Tuossa olis vielä hjt-loki. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:48:07, on 10.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WgaTray.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe H:\Documents and Settings\Ohjelmat\Digital Imaging\bin\hpotdd01.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olet.info/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kotinet.com:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hp psc 2000 Series.lnk = H:\Documents and Settings\Ohjelmat\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: V&ie Microsoft Exceliin - res://H:\DOCUME~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\DOCUME~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227449182750 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1E70CFC4-BC68-49E6-96F2-F3CA7988D5B9}: NameServer = 212.50.211.242 212.50.192.226 O17 - HKLM\System\CS5\Services\Tcpip\..\{1E70CFC4-BC68-49E6-96F2-F3CA7988D5B9}: NameServer = 212.50.211.242 212.50.192.226 O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Ohjelmat\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9386 bytes
Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi
Joo luulin, että koneeni on "puhdas", mutta eipä ollutkaan. Tässä loki. Malwarebytes' Anti-Malware 1.31 Tietokantaversio: 1489 Windows 5.1.2600 Service Pack 3 11.12.2008 20:35:53 mbam-log-2008-12-11 (20-35-53).txt Tarkistustyyppi: Täysi tarkistus (C:\|F:\|G:\|H:\|) Tarkistetut kohteet: 150335 Kulunut aika: 2 hour(s), 28 minute(s), 57 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 1 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 3 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Quarantined and deleted successfully.
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä: Combofix1 Combofix2 2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. ================ Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Ajoin SDFixin ensin, kun Combofix ei lähtenyt pelittään. Tässä nämä lokit. SDFix: Version 1.240 Run by Paula Nissinen on pe 12.12.2008 at 20:35 Microsoft Windows XP [versio 5.1.2600] Running From: C:\Documents and Settings\Paula Nissinen.-\Työpöytä\SDFix\SDFix Checking Services : Name : tdssserv Path : \systemroot\system32\drivers\TDSSserv.sys tdssserv - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\drivers\TDSSserv.sys - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 20:54:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\TDSSserv] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\TDSSserv] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="wmfhotfix.dll" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "NoPopUpsOnBoot"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "G:\\LimeWire\\LimeWire.exe"="G:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\PAULAN~1.-\TYPYT~1\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll" Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll" Sat 27 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Thu 29 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp" Sat 22 Oct 2005 19,456 ...H. --- "C:\Documents and Settings\Paula Nissinen.-\Application Data\Microsoft\Word\~WRL0904.tmp" Finished! ComboFix 08-12-11.06 - Paula Nissinen 2008-12-12 21:03:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.608 [GMT 2:00] Sijainti: c:\documents and settings\Paula Nissinen.-\Työpöytä\ComboFix.exe * Uusi palautuspiste luotu * Resident AV is active . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\autorun.inf . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-12 to 2008-12-12 ))))))))))))))))) . 2008-12-12 20:34 . 2008-12-12 20:34 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll 2008-12-12 20:33 . 2008-12-12 20:33 <KANSIO> d-------- c:\windows\ERUNT 2008-12-08 18:06 . 2008-12-08 18:06 <KANSIO> d-------- c:\program files\HP 2008-12-08 18:06 . 2008-12-08 18:06 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini 2008-12-08 17:53 . 2008-12-08 17:58 19,560 --a------ c:\windows\hpoins01.dat 2008-12-08 17:53 . 2003-04-22 18:04 16,606 --------- c:\windows\hpomdl01.dat 2008-11-28 12:26 . 2008-11-28 12:26 <KANSIO> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage 2008-11-23 23:15 . 2008-10-16 22:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-11-23 23:15 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-11-23 23:15 . 2007-03-08 07:10 1,011,712 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2008-11-23 23:15 . 2008-10-16 22:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2008-11-23 23:15 . 2008-10-16 22:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2008-11-23 23:15 . 2008-10-16 22:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2008-11-23 23:15 . 2008-10-16 22:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2008-11-23 23:15 . 2008-10-16 22:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2008-11-23 23:15 . 2008-10-16 15:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2008-11-23 17:33 . 2008-05-01 16:35 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-23 17:33 . 2008-06-14 19:34 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2008-11-23 17:33 . 2008-08-14 12:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-23 17:32 . 2008-08-14 15:25 2,191,488 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-23 17:32 . 2008-08-14 15:25 2,147,840 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-23 17:32 . 2008-08-14 15:25 2,068,352 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-23 17:32 . 2008-08-14 15:24 2,026,496 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-23 17:32 . 2008-09-15 17:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-23 17:32 . 2008-09-08 12:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-23 17:31 . 2008-04-11 21:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-23 17:31 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2008-11-23 17:30 . 2008-10-15 18:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-23 17:19 . 2008-09-04 19:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-23 17:19 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-23 17:03 . 2008-11-23 17:03 <KANSIO> d-------- c:\windows\system32\fi 2008-11-23 17:03 . 2008-11-23 17:03 <KANSIO> d-------- c:\windows\l2schemas 2008-11-23 16:37 . 2008-04-14 18:12 774,144 -----c--- c:\windows\system32\dllcache\setup_wm.exe 2008-11-23 16:36 . 2008-09-10 03:15 1,307,648 --------- c:\windows\system32\msxml6.dll 2008-11-23 16:35 . 2008-04-14 18:10 845,338 -----c--- c:\windows\system32\dllcache\msdxm.ocx 2008-11-23 16:34 . 2008-04-14 18:10 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm 2008-11-23 16:34 . 2008-04-13 18:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys 2008-11-23 16:34 . 2008-04-14 18:10 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2008-11-23 16:34 . 2008-04-14 18:11 61,440 --------- c:\windows\system32\kmsvc.dll 2008-11-23 16:34 . 2008-04-14 18:11 37,376 --------- c:\windows\system32\l2gpstore.dll 2008-11-23 16:34 . 2008-04-14 18:09 24,064 -----c--- c:\windows\system32\dllcache\pidgen.dll 2008-11-23 16:34 . 2008-04-14 18:11 10,752 --------- c:\windows\system32\smtpapi.dll 2008-11-23 16:34 . 2008-04-14 18:11 9,728 --------- c:\windows\system32\rwnh.dll 2008-11-23 16:34 . 2008-04-14 18:10 6,144 --------- c:\windows\system32\kbdpash.dll 2008-11-23 16:34 . 2008-04-14 18:10 6,144 --------- c:\windows\system32\kbdnepr.dll 2008-11-23 16:34 . 2008-04-14 18:10 6,144 --------- c:\windows\system32\kbdiultn.dll 2008-11-23 16:34 . 2008-04-14 18:10 6,144 --------- c:\windows\system32\kbdbhc.dll 2008-11-23 16:34 . 2008-04-14 17:52 1,950 --------- c:\windows\system32\pid.inf 2008-11-23 16:07 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2008-11-23 15:35 . 2008-11-23 15:35 749 -rah----- c:\windows\WindowsShell.Manifest 2008-11-23 15:35 . 2008-11-23 15:35 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-11-23 15:35 . 2008-11-23 15:35 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-11-23 15:35 . 2008-11-23 15:35 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2008-11-23 15:35 . 2008-11-23 15:35 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-11-23 15:35 . 2008-11-23 15:35 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-11-23 15:20 . 2008-05-03 05:46 251,599 --a------ c:\windows\system32\nvdspjpn.chm 2008-11-23 15:14 . 2001-10-09 14:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2008-11-23 15:14 . 2001-10-09 14:00 13,312 --a------ c:\windows\system32\irclass.dll 2008-11-23 15:13 . 2004-09-15 08:58 1,086,058 -ra------ c:\windows\SETCB.tmp 2008-11-23 15:13 . 2004-09-15 09:01 1,014,139 -ra------ c:\windows\SETC8.tmp 2008-11-23 15:13 . 2004-09-15 08:58 14,043 -ra------ c:\windows\SETD7.tmp 2008-11-22 15:08 . 2006-03-02 14:00 2 --a------ c:\windows\desktop.ini 2008-11-22 15:05 . 2008-04-14 18:12 344,064 --a------ c:\windows\system32\mspaint.exe 2008-11-22 14:54 . 2006-03-02 14:00 1,086,058 -ra------ c:\windows\SETEF.tmp 2008-11-22 14:54 . 2006-03-02 14:00 1,014,139 -ra------ c:\windows\SETEC.tmp 2008-11-22 14:54 . 2006-03-02 14:00 14,573 -ra------ c:\windows\SET12E.tmp 2008-11-22 14:54 . 2006-03-02 14:00 14,043 -ra------ c:\windows\SETFB.tmp 2008-11-20 23:16 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-11-20 23:16 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll 2008-11-20 23:16 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-11-20 23:06 . 2008-11-20 23:06 <KANSIO> d-------- c:\program files\MSBuild 2008-11-20 23:04 . 2008-11-20 23:04 <KANSIO> d-------- c:\program files\Microsoft.NET 2008-11-20 23:01 . 2008-12-01 12:21 <KANSIO> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-11-16 22:03 . 2008-11-16 22:03 2,276 --ah----- C:\ZbThumbnail.info 2008-11-16 18:43 . 2008-11-16 19:17 234 --a------ c:\windows\wininit.ini 2008-11-16 17:39 . 2008-11-16 17:39 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja\Application Data\Malwarebytes 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Verkkoympäristö 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Verkkoympäristö 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja\Työpöytä 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja\Työpöytä 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Tulostinympäristö 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Tulostinympäristö 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja\Suosikit 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja\Suosikit 2008-11-16 17:37 . 2006-01-20 14:56 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Mallit 2008-11-16 17:37 . 2006-01-20 14:56 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja\Mallit 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> dr------- c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-11-16 17:37 . 2004-07-23 17:29 <KANSIO> dr------- c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-11-16 17:37 . 2008-11-16 17:37 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja 2008-11-16 15:47 . 2008-12-11 17:59 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-16 15:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-16 15:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-15 17:21 . 2008-11-15 17:21 <KANSIO> d--hs---- C:\found.000 2008-11-15 12:59 . 2008-11-06 02:03 <KANSIO> d-------- C:\SDFix . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-12 17:36 --------- d-----w c:\program files\F-Secure Internet Security 2008-11-29 15:29 --------- d-----w c:\program files\Hewlett-Packard 2008-11-27 19:13 --------- d-----w c:\program files\MSN Messenger 2008-11-20 20:45 --------- d-----w c:\program files\Lavasoft 2008-11-17 16:34 --------- d-----w c:\program files\Java 2008-11-16 17:19 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-16 16:04 30,856 ----a-w c:\windows\system32\drivers\fsbts.sys 2008-11-09 13:18 --------- d-----w c:\program files\SystemRequirementsLab 2008-11-09 13:18 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\SystemRequirementsLab 2008-11-08 16:15 --------- d-----w c:\program files\Panda Security 2008-11-06 20:01 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\IObit 2008-11-02 16:29 --------- d-----w c:\program files\Stellar Phoenix Windows Data Recovery 2008-11-02 12:37 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-11-01 18:00 --------- d-----w c:\program files\IObit 2008-11-01 14:01 6,080 ----a-w c:\windows\system32\drivers\UNIDRV.SYS 2008-10-26 13:42 --------- d-----w c:\program files\FileASSASSIN 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 16:56 --------- d-----w c:\program files\util 2008-10-23 16:56 --------- d-----w c:\program files\Setup 2008-10-23 16:56 --------- d-----w c:\program files\fin 2008-10-23 16:56 --------- d-----w c:\program files\Drivers 2008-10-23 16:56 --------- d-----w c:\program files\common 2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-19 15:35 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\qvctohcn 2008-10-19 14:48 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\Malwarebytes 2008-10-19 14:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-10-18 08:19 --------- d-----w c:\program files\Trend Micro 2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-14 20:20 --------- d-----w c:\program files\yjfcjyb 2008-10-14 19:36 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS 2008-10-14 18:57 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\Uniblue 2008-10-14 18:38 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\F-Secure 2008-10-14 17:25 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\f-secure 2008-10-14 17:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\fssg 2008-10-14 16:12 --------- d-----w c:\documents and settings\Paula Nissinen.-\Application Data\LimeWire 2008-10-13 19:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8 2008-10-05 13:03 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys 2008-01-20 18:03 3,072 --sha-w c:\program files\Thumbs.db 2006-11-13 08:12 0 ---ha-w c:\documents and settings\LocalService\hpothb07.dat 2006-11-13 07:45 6,423 ---ha-w c:\program files\hpothb07.tif 2006-11-13 07:45 1,893 ---ha-w c:\program files\hpothb07.dat 2006-06-24 16:23 689 ---ha-w c:\documents and settings\Paula Nissinen.-\hpothb07.dat 2005-10-01 17:27 0 ---ha-w c:\documents and settings\Paula Nissinen.-\Application Data\hpothb07.dat 2005-09-30 21:06 172 ---ha-w c:\documents and settings\All Users.WINDOWS\hpothb07.dat 2004-07-05 14:14 67,072 ----a-r c:\program files\SETUPDLL.DLL 2004-07-04 09:17 21,504 ----a-r c:\program files\UNINST32.DLL 2003-04-22 15:27 2,716,160 ------w c:\program files\aiodrv.msi 2003-04-22 15:22 2,605,056 ------w c:\program files\aiosw.msi 2003-04-22 15:04 16,606 ----a-w c:\program files\hpomdl01.dat 2003-04-22 15:03 193 ----a-w c:\program files\readme.html 2003-04-09 15:19 2,848 ----a-w c:\program files\hpound08.inf 2003-04-09 15:19 14,157 ----a-w c:\program files\hpousc08.inf 2003-04-09 15:00 4,715 ----a-w c:\program files\hpoglu08.inf 2003-04-09 15:00 2,889 ----a-w c:\program files\hpousb08.inf 2003-03-20 13:20 24,728 ----a-w c:\program files\HPZipr12.cat 2003-03-20 13:20 24,285 ----a-w c:\program files\hposcu08.cat 2003-03-20 13:20 22,523 ----a-w c:\program files\HPZius12.cat 2003-03-20 13:20 22,082 ----a-w c:\program files\hpzist12.cat 2003-03-20 13:20 22,082 ----a-w c:\program files\HPZid412.cat 2003-03-20 13:20 21,641 ----a-w c:\program files\HPOunp08.cat 2003-03-20 13:20 205,503 ----a-w c:\program files\hpoprn08.cat 2003-03-13 04:33 423,237 ----a-r c:\program files\ch3d4d.Z 2003-03-13 04:33 263,252 ----a-r c:\program files\SETLAN.Z 2003-03-13 04:33 1,494,782 ----a-r c:\program files\data.Z 2003-03-09 18:30 63,562 ----a-w c:\program files\hposcu08.inf 2003-03-09 18:30 51,266 ----a-w c:\program files\hpoprn08.inf 2003-03-09 18:30 33,952 ----a-w c:\program files\hpzid412.inf 2003-03-09 18:30 3,898 ----a-w c:\program files\hpounp08.inf 2003-03-09 18:30 3,667 ----a-w c:\program files\hpzist12.inf 2003-03-09 18:30 274,432 ----a-w c:\program files\hpzglu07.exe 2003-03-09 18:30 237,568 ----a-w c:\program files\hpzc3212.dll 2003-03-09 18:30 23,186 ----a-w c:\program files\hpzcin06.ex_ 2003-03-09 18:30 184,320 ----a-w c:\program files\hpzscr07.dll 2003-03-09 18:30 16,352 ----a-w c:\program files\HPZUCI12.DLL 2003-03-09 18:30 14,285 ----a-w c:\program files\hpzius12.inf 2003-03-09 18:30 10,325 ----a-w c:\program files\hpzipr12.inf 2003-02-21 08:53 5,972 ----a-r c:\program files\CHIMOUSE.INF 2002-09-09 15:48 458,752 ----a-w c:\program files\tls704d.dll 2002-09-09 15:48 22,608 ----a-w c:\program files\usbprint.sys 2002-09-09 15:48 12,288 ----a-w c:\program files\usbmon.dll 2002-09-09 15:47 70,656 ----a-w c:\program files\msvcirt.dll 2002-09-09 15:47 55,155 ----a-w c:\program files\hpzusb00.sy_ 2002-09-09 15:47 5,705 ----a-w c:\program files\hpzuci02.dl_ 2002-09-09 15:47 254,005 ----a-w c:\program files\msvcrt.dll 2002-09-09 15:47 25,639 ----a-w c:\program files\hpzpom04.dl_ 2002-09-09 15:47 212,992 ----a-w c:\program files\hpzpnp07.dll 2002-09-09 15:46 52,552 ----a-w c:\program files\hpziou01.dl_ 2002-09-09 15:46 49,212 ----a-w c:\program files\hpzjvp01.dll 2002-09-09 15:46 46,017 ----a-w c:\program files\hpzion00.sy_ . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-06-25 957024] "F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users.WINDOWS\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ hp psc 2000 Series.lnk - h:\documents and settings\Ohjelmat\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646] hpoddt01.exe.lnk - h:\documents and settings\Ohjelmat\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wmfhotfix.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"= ctwdm32.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^hp psc 2000 Series.lnk] path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\hp psc 2000 Series.lnk backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk] path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^officejet 6100.lnk] path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\officejet 6100.lnk backup=c:\windows\pss\officejet 6100.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^SecureDoc.lnk] path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\SecureDoc.lnk backup=c:\windows\pss\SecureDoc.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-12-28 11:41 155648 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-08-14 16:42 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "g:\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-10-16 30856] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-14 79904] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-05 97928] R1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2008-10-14 66720] R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-09-03 12900] R2 Dev_UNIDRV;Dev_UNIDRV;\??\c:\windows\system32\Drivers\UNIDRV.SYS [2006-09-24 6080] R2 NwSapAgent;SAP-agentti;c:\windows\system32\svchost.exe -k netsvcs [2004-09-14 14336] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-10-14 72288] R3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe" [2008-10-14 55904] S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704] S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\ohjelmat\Common\Database\bin\fbserver.exe [2007-12-26 1527900] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2006-10-13 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2006-10-13 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2006-10-13 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2006-10-13 88688] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2006-10-13 18704] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2006-10-13 86560] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2006-10-13 90800] S3 StickCap;Digital TV DVB-T USB Stick adapter service;c:\windows\system32\Drivers\stickcap.sys [] S3 stickload;Digital TV stick firmware loader service;c:\windows\system32\DRIVERS\stickload.sys [] S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-10-14 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-10-14 25184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6dd2fd-37d6-11dd-9a78-0004ed174043}] \Shell\AutoRun\command - I:\InstallTomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}] rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260 . 'Ajoitetut tehtävät'-kansion sisältö 2008-12-08 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1228751920.job - h:\documents and settings\Ohjelmat\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56] 2008-12-12 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2008-06-25 15:41] . - - - - POISTETUT JÄMÄRIVIT - - - - MSConfigStartUp-LiveMonitor - c:\program files\MSI\Live Update 3\LMonitor.exe MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.olet.info/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy.kotinet.com:8080 IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: V&ie Microsoft Exceliin - h:\docume~1\Office12\EXCEL.EXE/3000 LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL TCP: {1E70CFC4-BC68-49E6-96F2-F3CA7988D5B9} = 212.50.211.242 212.50.192.226 O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd FF - ProfilePath - c:\documents and settings\Paula Nissinen.-\Application Data\Mozilla\Firefox\Profiles\nerydl9d.default\ FF - prefs.js: browser.startup.homepage - hxxp://olet.info/web/sa_mainpage/MainPage_main.jsp FF - prefs.js: network.proxy.http - proxy.kotinet.com FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-12 21:06:40 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'lsass.exe'(956) c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL . Valmistumisajankohta: 2008-12-12 21:08:37 ComboFix-quarantined-files.txt 2008-12-12 19:08:20 Ennen ajoa: 1 285 890 048 tavua vapaana Ajon jälkeen: 1,274,843,136 tavua vapaana WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 350 --- E O F --- 2008-12-10 16:33:44 2003-04-22 17:04:02 A------- 19,469 C:\Qoobox\Quarantine\C\Program Files\AUTORUN.INF.vir 2008-12-12 19:35:41 A------- 171 C:\Qoobox\Quarantine\catchme.log 2008-12-12 21:06:06 A------- 13,400 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2008-12-12 21:07:30 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat 2008-12-12 21:07:30 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat 2008-12-12 21:07:30 A------- 0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat 2008-12-12 21:07:57 A------- 610 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-LiveMonitor.reg.dat 2008-12-12 21:07:58 A------- 674 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Share-to-Web Namespace Daemon.reg.dat Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:03:37, on 13.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe H:\Documents and Settings\Ohjelmat\Digital Imaging\bin\hpotdd01.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe H:\Documents and Settings\Ohjelmat\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olet.info/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kotinet.com:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hp psc 2000 Series.lnk = H:\Documents and Settings\Ohjelmat\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: V&ie Microsoft Exceliin - res://H:\DOCUME~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\DOCUME~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1227449182750 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Ohjelmat\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8969 bytes HUH HUH tulipas näitä...
Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä työpöydällesi. @echo off sc stop avg8wd sc delete avg8wd Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia. ======== Mikäs on nyt koneen toiminta
Oon tosiaan ihmetellyt tuota AVG-tietoa tuolla koneessa vaikka sitä ei ole ollut mulla aikoihin. Kone tuntuu pelaavan mainiosti. tuota Windows genuine-juttua ei vissiin saa millään pois, kun erehdyin sen toolin kerran lataamaan, aiheestahan se valittaa . Ei sitä ainakaan ohjelmista voi poistaa. Kiitokset sulle avusta.
