Eli kone alkanut sekoilemaan, lähinnä windowsin osalta, esimerkiksi ohjauspaneelin lisää ja poista sovellus on aivan sekaisin. Tässä ois tää hjt-logi jos joku viittis tsekkailla Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:08:17, on 12.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\uTorrent\utorrent.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Samurize\Client.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Last.fm\LastFM.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169821442771 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 9602 bytes Kiitos jo etukäteen.
Moron! ========= Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Tässä ohje miten merkataan: ========== Skannaa koneesi Ewido Online Scannerilla * Lataa Ewido_micro.exe tästä. * Tallenna tiedosto esimerkiksi työpöydälle. * Tuplaklikkaa Ewido_micro.exeä työpöydälläsi. * Ewido alkaa samantien päivittämään tunnisteitaan. Tässä voi mennä hetki. * Kun päivitykset on ladattu, varmista että kaikki kohdat ovat rastitettuja ikkunan vasemmassa laidassa. * Klikkaa vasemmalla alhaalla olevaa Start Scan -nappia. * Scannaus alkaa. Tässä voi kestää jonkun aikaa, riippuen tiedostojen määrästä. * Kun skannaus on valmis ja löytyneitä kohteita on, niin varmista, että kaikkien kohteiden vasemmalla puolella olevissa kohdissa on rastit. * Klikkaa Save report -nappia ja tallenna raportti vaikka työpöydälle. * Klikkaa Remove Infections -nappia. * Kun vastaat aukeavaan ilmoitukseen ok, niin kaikki saastuneet tiedostot poistetaan. * Poiston jälkeen voit sammuttaa Ewido Online Scannerin painamalla yläkulmassa olevaa punaista rastia. * Käynnistä kone nyt uudelleen ja postita tallentamasi raportti viestiketjuusi ========== Loistava ohje tietokoneeen nopeuttamiseksi http://neko.1g.fi/ohje/hidastelua.html ========== Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi! Javan päivitys ja välimuistin tyhjennys: 1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa. 2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... ) Niissä pitäisi olla seuraava kuva vieressä: 3. Valitse kaikki entiset Java versiosi ja valitse Poista. 4. Asenna uusin Java päivitys seuraavasta linkistä.. 5. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/downloads/index.jsp tai http://www.filehippo.com/download_java_runtime/ Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2 Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Varmista että kaikki kaksi valintaa ovat rastitettuja: *Applications and Applets *Trace and Log Files Ja paina OK -nappia 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Klikkaa OK jättääksesi Java asetusikkunasi. ========== Lataa Deckard's System Scanner Työpöydällesi. Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman. [*]Sulje kaikki avoimet ikkunat ja ohjelmat. [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita. [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V ) [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi. ja ewido online skannerin raportti
EWIDO-raportti: __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.Atdmt Path: C:\Documents and Settings\acer\Cookies\acer@atdmt[2].txt Risk: Medium Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\acer\Cookies\acer@bs.serving-sys[2].txt Risk: Medium Name: TrackingCookie.Serving-sys Path: C:\Documents and Settings\acer\Cookies\acer@serving-sys[1].txt Risk: Medium Name: TrackingCookie.Netflame Path: C:\Documents and Settings\acer\Cookies\acer@ssl-hints.netflame[1].txt Risk: Medium Name: TrackingCookie.Statistik-gallup Path: C:\Documents and Settings\acer\Cookies\acer@statistik-gallup[1].txt Risk: Medium Name: TrackingCookie.Doubleclick Path: :mozilla.8:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Statistik-gallup Path: :mozilla.17:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Webtrends Path: :mozilla.44:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Advertising Path: :mozilla.45:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Advertising Path: :mozilla.46:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Advertising Path: :mozilla.47:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Advertising Path: :mozilla.48:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Advertising Path: :mozilla.49:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.59:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.60:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.61:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.62:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.63:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.72:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.73:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.74:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.75:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitbox Path: :mozilla.114:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitbox Path: :mozilla.115:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Atdmt Path: :mozilla.119:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Tradedoubler Path: :mozilla.140:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Tradedoubler Path: :mozilla.141:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Statcounter Path: :mozilla.154:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Statcounter Path: :mozilla.155:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Statcounter Path: :mozilla.156:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Statcounter Path: :mozilla.157:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adtech Path: :mozilla.160:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adtech Path: :mozilla.161:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.162:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.163:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.164:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.165:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.166:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.167:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Specificclick Path: :mozilla.186:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Specificclick Path: :mozilla.187:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Specificclick Path: :mozilla.189:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Specificclick Path: :mozilla.190:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Fastclick Path: :mozilla.199:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Zedo Path: :mozilla.200:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.201:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.202:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.203:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Adengage Path: :mozilla.242:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.259:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.260:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.261:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.262:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.263:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.264:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.265:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.266:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.267:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.268:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.269:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.270:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.271:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.272:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Gamershell Path: :mozilla.273:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Burstnet Path: :mozilla.274:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Tribalfusion Path: :mozilla.275:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Com Path: :mozilla.282:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Googleadservices Path: :mozilla.304:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Netflame Path: :mozilla.318:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitbox Path: :mozilla.326:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitslink Path: :mozilla.332:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitslink Path: :mozilla.333:C:\Documents and Settings\acer\Application Data\Mozilla\Firefox\Profiles\aay5tqoj.default\cookies.txt Risk: Medium Name: Trojan.Agent.abd Path: C:\Program Files\Alcohol Soft\Alcohol 120\star_syn_client.dll Risk: High Name: Heuristic.Win32.Morphine-Crypted Path: C:\Program Files\Multi Theft Auto\MTAClient.exe Risk: Questionable Sitten se DSS.exe: Deckard's System Scanner v20070809.63 Run by acer on 2007-08-13 at 01:08:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 103: 2007-08-12 22:08:22 UTC - RP255 - Deckard's System Scanner Restore Point 102: 2007-08-12 21:51:26 UTC - RP254 - Installed Java(TM) 6 Update 2 101: 2007-08-12 20:39:25 UTC - RP253 - Removed WebFldrs XP 100: 2007-08-12 20:36:33 UTC - RP252 - Removed Java(TM) SE Runtime Environment 6 Update 1 99: 2007-08-12 20:34:42 UTC - RP251 - Removed Java(TM) 6 Update 2 -- First Restore Point -- 1: 2007-05-15 10:01:01 UTC - RP153 - Installed Kaspersky Anti-Virus 7.0 Beta. Backed up registry hives. Performed disk cleanup. -- HijackThis (run as acer.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:09:34, on 13.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\eHome\ehSched.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Documents and Settings\acer\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\acer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169821442771 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 9257 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070812-232538-771 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE backup-20070812-232538-991 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - "regedit.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver> R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys R0 Vax347b - c:\windows\system32\drivers\vax347b.sys R0 Vax347s - c:\windows\system32\drivers\vax347s.sys R1 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN> R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt> R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; > R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 BFAIFILT - c:\windows\system32\drivers\bfaifilt.sys S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing) S3 psdfilter - c:\windows\system32\drivers\psdfilter.sys (file missing) S3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys (file missing) S3 u2kg54 (BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; > S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing) S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing) S3 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server> S3 NSCService (Norton Protection Center Service) - "c:\program files\common files\symantec shared\security console\nscsrvce.exe" (file missing) S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module> S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2007-07-13 and 2007-08-13 ----------------------------- 2007-08-13 00:51:31 0 d-------- C:\Program Files\Java 2007-08-13 00:51:28 0 d-------- C:\Program Files\Common Files\Java 2007-08-12 23:08:02 0 d-------- C:\Program Files\Trend Micro 2007-08-10 04:20:40 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT> 2007-08-10 03:54:01 0 d-------- C:\Program Files\Acclaim 2007-08-07 05:05:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-08-07 04:15:43 0 dr------- C:\Documents and Settings\LocalService\Favorites 2007-08-07 04:15:31 0 --a------ C:\WINDOWS\nsreg.dat 2007-08-07 04:15:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla 2007-08-07 04:11:54 61008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver> 2007-08-07 04:11:53 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt> 2007-08-07 04:11:48 0 d-------- C:\Program Files\Sygate 2007-08-07 04:11:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-07 03:53:04 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System> 2007-08-07 03:28:32 0 dr-h----- C:\Documents and Settings\acer\Recent 2007-08-07 03:09:32 0 d-------- C:\WINDOWS\system32\ZoneLabs 2007-08-07 03:09:11 0 d-------- C:\WINDOWS\Internet Logs 2007-08-03 13:32:58 0 d-------- C:\Program Files\vcmm 2007-07-31 20:46:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy 2007-07-16 02:19:45 0 d-------- C:\Documents and Settings\All Users\SonicStage 2007-07-16 02:12:26 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module> 2007-07-16 02:12:26 532480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module> 2007-07-16 02:12:26 589824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module> 2007-07-16 02:12:26 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module> 2007-07-16 02:12:26 655360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module> 2007-07-16 02:11:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation 2007-07-16 02:11:01 0 d-------- C:\Program Files\Sony 2007-07-16 02:10:24 0 d-------- C:\Documents and Settings\acer\Application Data\Sony Corporation 2007-07-16 02:10:22 0 d-------- C:\Program Files\Common Files\Sony Shared 2007-07-15 04:29:10 0 d-------- C:\Program Files\Stardock 2007-07-15 02:01:38 0 d-------- C:\Program Files\Samurize -- Find3M Report --------------------------------------------------------------- 2007-08-13 01:09:33 0 d-------- C:\Documents and Settings\acer\Application Data\uTorrent 2007-08-13 00:51:28 0 d-------- C:\Program Files\Common Files 2007-08-10 03:54:01 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 19:30:15 0 d-------- C:\Program Files\mIRC 2007-07-31 17:31:38 0 d-------- C:\Program Files\RevConnect 2007-07-15 04:59:25 0 d-------- C:\Program Files\VstPlugins 2007-07-15 04:29:24 0 d-------- C:\Program Files\Common Files\Stardock 2007-07-11 16:08:05 0 d-------- C:\Documents and Settings\acer\Application Data\Apple Computer 2007-07-11 16:07:07 0 d-------- C:\Program Files\QuickTime 2007-07-11 04:36:21 0 d-------- C:\Program Files\Last.fm 2007-07-02 16:16:14 0 d-------- C:\Program Files\SystemRequirementsLab 2007-07-02 16:16:11 0 d-------- C:\Documents and Settings\acer\Application Data\SystemRequirementsLab 2007-06-30 13:25:47 0 d-------- C:\Program Files\Winamp 2007-06-28 17:19:43 0 d-------- C:\Program Files\Square Soft, Inc 2007-06-27 03:22:43 0 d-------- C:\Program Files\StepMania 2007-06-27 03:17:49 0 d-------- C:\Documents and Settings\acer\Application Data\gtk-2.0 2007-06-21 15:24:22 0 d-------- C:\Program Files\Graffiti Studio 2.0 2007-06-18 21:20:33 0 d-------- C:\Program Files\Truck Dismount 2007-06-18 19:03:07 0 d-------- C:\Program Files\Porrasturvat - Stair Dismount 2007-06-14 14:34:52 0 d-------- C:\Program Files\Rockstar Games 2007-06-13 05:12:34 0 d-------- C:\Documents and Settings\acer\Application Data\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29.09.2005 15:01] "LaunchApp"="Alaunch" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12.07.2006 01:19] "nwiz"="nwiz.exe" [12.07.2006 01:19 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12.07.2006 01:19] "RTHDCPL"="RTHDCPL.EXE" [01.06.2006 03:48 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [16.05.2006 05:04 C:\WINDOWS\SkyTel.exe] "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11.05.2005 17:15] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10.08.2004 23:00] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [10.08.2004 23:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10.08.2004 23:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10.08.2004 23:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10.08.2004 23:00] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07.08.2007 03:52] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [27.09.2005 12:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10.08.2004 23:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12.11.2006 13:48] "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [15.02.2007 17:25] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\acer\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50] Client Default.lnk - C:\Program Files\Samurize\Client.exe [7.4.2007 23:02:08] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [15.7.2007 4:29:23] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [16.11.2005 20:25:14] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 4:44:06] ClientManager2.lnk - C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe [26.1.2007 14:48:56] Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [29.6.2007 2:06:47] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31.01.2005 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] AutoRun\command- I:\SegaClassics.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774cdd86-b2d1-11db-ae5d-000d0b9f511e}] AutoRun\command- L:\Install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddff5a93-ad32-11db-ae52-001921a02fa1}] AutoRun\command- I:\lzext.exe -- End of Deckard's System Scanner: finished at 2007-08-13 at 01:09:58 --------- extra.txt : Deckard's System Scanner v20070809.63 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 37% Physical Memory (total/avail): 1023.48 MiB / 639.23 MiB Pagefile Memory (total/avail): 2461.02 MiB / 2135.69 MiB Virtual Memory (total/avail): 2047.88 MiB / 1957.37 MiB C: is Fixed (NTFS) - 232.88 GiB total, 42.41 GiB free. D: is CDROM (No Media) E: is Fixed (FAT32) - 16.05 GiB total, 0.19 GiB free. F: is Removable (FAT) G: is Removable (No Media) H: is Removable (No Media) I: is CDROM (No Media) J: is CDROM (No Media) K: is Removable (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Sygate Personal Firewall Pro v4.6 (Sygate Technologies, Inc.) AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:EnabledC++" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat" "C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR" "C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*isabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*isabled:Orb Stream Client" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*isabled:OrbTray" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\acer\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ACER-F4F9D416C1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\acer LOGONSERVER=\\ACER-F4F9D416C1 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G SamDir=SINSTDIR SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\acer\LOCALS~1\Temp TMP=C:\DOCUME~1\acer\LOCALS~1\Temp USERDOMAIN=ACER-F4F9D416C1 USERNAME=acer USERPROFILE=C:\Documents and Settings\acer windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- acer (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- 2Moons --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BD67531-A957-4592-9743-A2761BB4AC28}\setup.exe" -l0x9 -removeonly HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL NOD32 FiX --> "C:\Program Files\Eset\unins000.exe" Sygate Personal Firewall Pro --> MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E} Time Adjuster STANDARD 3.1 --> "C:\Program Files\TimeAdjuster\Uninstall.exe" -- Application Event Log ------------------------------------------------------- Event ID #8348: Warning Event Submitted/Written: 08/13/2007 01:01:23 AM Event Source: Microsoft Fax Event Description: Lähtevien faksien reitityssääntö ei kelpaa, koska se ei löydä kelvollista laitetta. Tätä sääntöä käyttäviä lähteviä fakseja ei reititetä. Varmista, että kohdelaite (tai reititysryhmän kohdelaitteet) on kytketty ja asennettu oikein ja että se on käytössä. Jos faksit reititetään ryhmään, varmista, että ryhmä on määritetty oikein. Maan tai alueen numero: * Suuntanumero: * Event ID #8347: Warning Event Submitted/Written: 08/13/2007 01:01:22 AM Event Source: Microsoft Fax Event Description: Faksipalvelu ei onnistunut alustamaan määritettyjä faksilaitteita (näennäisiä tai TAPI-laitteita). Fakseja ei voi lähettää tai vastaanottaa, ennen kuin faksilaite on asennettu. Event ID #8345: Error Event Submitted/Written: 08/13/2007 01:00:11 AM Event Source: Automatic LiveUpdate Scheduler Event Description: Information Level: error This service is not authorized to start. Event ID #8344: Warning Event Submitted/Written: 08/13/2007 00:58:58 AM Event Source: Userenv Event Description: Windows tallensi käyttäjän ACER-F4F9D416C1\acer rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä. Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi. Event ID #8342: Warning Event Submitted/Written: 08/13/2007 00:38:46 AM Event Source: Microsoft Fax Event Description: Lähtevien faksien reitityssääntö ei kelpaa, koska se ei löydä kelvollista laitetta. Tätä sääntöä käyttäviä lähteviä fakseja ei reititetä. Varmista, että kohdelaite (tai reititysryhmän kohdelaitteet) on kytketty ja asennettu oikein ja että se on käytössä. Jos faksit reititetään ryhmään, varmista, että ryhmä on määritetty oikein. Maan tai alueen numero: * Suuntanumero: * -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event ID #12836: Error Event Submitted/Written: 08/13/2007 01:01:31 AM Event Source: Service Control Manager Event Description: Palvelua Automatic LiveUpdate Scheduler ei voi käynnistää. Virhekoodi on %%1053 Event ID #12835: Error Event Submitted/Written: 08/13/2007 01:01:31 AM Event Source: Service Control Manager Event Description: Aikakatkaisu (30000 ms) odottaa palvelun Automatic LiveUpdate Scheduler yhdistymistä. Event ID #12809: Error Event Submitted/Written: 08/13/2007 00:38:56 AM Event Source: Service Control Manager Event Description: Palvelua Automatic LiveUpdate Scheduler ei voi käynnistää. Virhekoodi on %%1053 Event ID #12808: Error Event Submitted/Written: 08/13/2007 00:38:56 AM Event Source: Service Control Manager Event Description: Aikakatkaisu (30000 ms) odottaa palvelun Automatic LiveUpdate Scheduler yhdistymistä. Event ID #12797: Warning Event Submitted/Written: 08/12/2007 08:56:38 PM Event Source: Tcpip Event Description: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen. -- End of Deckard's System Scanner: finished at 2007-08-13 at 01:09:58 ---------
Pysy puhtaana -> Tyhjennä järjestelmänpalautus Ohjeet Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä. -> Käytä CCleaneria -> CCleaner Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti. -> Asenna SpywareBlaster -> SpywareBlaster SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia! Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas -> Asenna MVPS Hosts tiedosto -> MVPS Hosts Estää koneesi yhteyden haitallisiin sivustoihin. Opas saatavilla suomeksi! Nimimerkki Axelin opas -> Vaihda selaimesi Firefoxiin -> Firefox Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer. -> Pidä järjestelmäsi ajantasalla. -> Windows Update Vieraile Windows Updatessa säännöllisesti. -> Pidä palomuuri ja virustorjunta ajantasalla Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi. ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm ->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja. ->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!
