Onglemia

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Makkei, Mar 19, 2007.

Page 1 of 2
  1. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Tänään alkoi ikkunoita vilisemään silmissä kun avasin koneen ja kirjauduin sisälle ne näyttivät command ikkunoilta ja sitten oli näitä perinteisiä pop-up ikkunoita ajattelin pistää tehtävien hallinnasta prosessit ja hjt login.
    http://kotisivu.dnainternet.net/kylloari/Kuvia/ScreenShot00026.jpg

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:48:52, on 19.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\SiteAdvisor\6009\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\FastStone Capture\FSCapture.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\ALCXMNTR.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fin.afterdawn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    ja vielä kerran kiitos etukäteen mahdollisista avuista
     
    Makkei, Mar 19, 2007
    #1
  2. Auttaja

    Auttaja Guest

    Auttaja, Mar 19, 2007
    #2
  3. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    "Mara" - 07-03-19 19:55:40 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Mara\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-19 to 2007-03-19 ))))))))))))))))))))))))))))))))))


    2007-03-19 18:59 <KANSIO> d-------- C:\Program Files\SpeedFan
    2007-03-17 16:25 <KANSIO> d-------- C:\DOCUME~1\PIVI~1\Phone Browser
    2007-03-17 16:25 <KANSIO> d-------- C:\DOCUME~1\PIVI~1\APPLIC~1\HP
    2007-03-16 16:24 <KANSIO> d-------- C:\DOCUME~1\Mara\APPLIC~1\Nokia Multimedia Player
    2007-03-15 20:42 6,388 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-03-11 11:33 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-03-10 19:06 <KANSIO> d-------- C:\Program Files\Nokia
    2007-03-10 19:06 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-03-04 12:55 <KANSIO> d-------- C:\DOCUME~1\Mara\APPLIC~1\Image Zone Express
    2007-03-03 13:58 <KANSIO> d-------- C:\Program Files\MSBuild
    2007-03-03 13:56 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
    2007-03-03 13:55 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2007-03-03 13:50 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-03-03 13:49 <KANSIO> d-------- C:\dafdda2bf98576a96e3c9a
    2007-03-03 13:48 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2007-03-03 13:48 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2007-03-03 13:48 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2007-03-02 18:23 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Image Zone Express
    2007-03-02 18:01 <KANSIO> d-------- C:\bin
    2007-03-02 16:49 126,351 --a------ C:\WINDOWS\hpoins11.dat
    2007-03-02 16:36 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2007-03-02 16:36 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-03-02 16:35 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
    2007-03-02 16:35 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2007-03-02 16:35 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2007-03-02 16:35 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2007-03-02 16:34 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
    2007-03-02 16:34 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
    2007-03-02 16:34 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
    2007-03-02 16:29 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-02-22 20:04 <KANSIO> d-------- C:\Program Files\Common Files\Skype


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-19 19:53 -------- d-------- C:\Program Files\dc++
    2007-03-19 19:11 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-03-19 17:48 -------- d-------- C:\Program Files\steam
    2007-03-16 16:34 -------- d-------- C:\Program Files\ffdshow
    2007-03-12 22:40 -------- d-------- C:\Program Files\microsoft digital image 2006
    2007-03-11 12:10 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\utorrent
    2007-03-10 19:09 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\nokia
    2007-03-10 19:06 -------- d-------- C:\Program Files\Common Files\pcsuite
    2007-03-02 18:02 -------- d-------- C:\Program Files\hp
    2007-03-02 17:58 -------- d-------- C:\Program Files\Common Files\sonic shared
    2007-03-02 17:46 -------- d-------- C:\Program Files\hewlett-packard
    2007-02-22 20:05 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\skype
    2007-02-22 20:04 -------- d-------- C:\Program Files\skype
    2007-02-21 21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-02-15 16:07 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\sony corporation
    2007-02-15 15:45 -------- d--h----- C:\Program Files\installshield installation information
    2007-02-15 15:45 -------- d-------- C:\Program Files\sony
    2007-02-15 15:45 -------- d-------- C:\Program Files\Common Files\sony shared
    2007-02-15 15:44 -------- d-------- C:\Program Files\sony corporation
    2007-01-31 08:14 -------- d-------- C:\Program Files\google
    2007-01-26 10:42 2831232 --a------ C:\WINDOWS\system32\drivers\3xHybrid.sys
    2007-01-25 15:55 -------- d-------- C:\Program Files\siteadvisor
    2007-01-20 22:10 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\hp
    2007-01-19 21:53 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\dvdcss
    2007-01-19 21:50 -------- d-------- C:\Program Files\videolan
    2007-01-19 21:50 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\vlc
    2007-01-19 20:03 -------- d-------- C:\DOCUME~1\Mara\APPLIC~1\otto
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-06 21:53 5046 --a------ C:\WINDOWS\system32\tmp.reg
    2007-01-02 16:17 1744 --a------ C:\DOCUME~1\Mara\APPLIC~1\wklnhst.dat
    2007-01-02 13:00 87608 --a------ C:\DOCUME~1\Mara\APPLIC~1\ezpinst.exe
    2007-01-02 13:00 7824 --a------ C:\DOCUME~1\Mara\APPLIC~1\pcouffin.cat
    2007-01-02 13:00 47360 --a------ C:\DOCUME~1\Mara\APPLIC~1\pcouffin.sys
    2007-01-02 13:00 33 --a------ C:\DOCUME~1\Mara\APPLIC~1\pcouffin.log
    2007-01-02 13:00 1144 --a------ C:\DOCUME~1\Mara\APPLIC~1\pcouffin.inf


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "Steam"=""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
    "HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
    "DMAScheduler"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6009\\SiteAdv.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-19 19:59:27

     
    Last edited: Mar 19, 2007
    Makkei, Mar 19, 2007
    #3
  4. Auttaja

    Auttaja Guest

    siel on vaikka mitä kivaa, aloitetaan tällä


    Lataa
    VundoFix.exe työpöydällesi.
    *Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    *Klikkaa Scan for Vundo valintaa.
    *Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
    *Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    *Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    *Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
    *Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.


    Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
    Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
     
    Auttaja, Mar 19, 2007
    #4
  5. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    täytyykö klikata remove vundo nappia jos se ei löydä mitään ilmoitti vaan ''no infected files were found''



    VundoFix V6.1.5

    Checking Java version...

    Java version is 1.5.0.5

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 21:03:32 19.3.2007

    Listing files found while scanning....

    No infected files were found.


    sitte uus HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:10:38, on 19.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\SiteAdvisor\6009\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\FastStone Capture\FSCapture.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\ALCXMNTR.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fin.afterdawn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

     
    Last edited: Mar 19, 2007
    Makkei, Mar 19, 2007
    #5
  6. Auttaja

    Auttaja Guest

    Hakuammunta:

    Lataa
    http://www.uploads.ejvindh.net/rustbfix.exe
    http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

    Tuplaklikkaa tiedostoa rustbfix.exe. Jos löytyy Rustock.b-infektio, sinua pyydetään pian käynnistämään kone uudelleen. Uudelleenkäynnistyminen saattaa kestää hetken ja joudut ehkä käynnistämään koneen vielä toisenkin kerran. Kaikki tämä tapahtuu automaattisesti. Uudelleenkäynnistyksen jälkeen kaksi lokitiedostoa avautuu (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
     
    Last edited by a moderator: Mar 19, 2007
    Auttaja, Mar 19, 2007
    #6
  7. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Sanoo vaan Error: Sorry the server is not ready to serve.
    Kokeilen huomenna uusiks.

    Eikä löytyny mitään rustok vai mikä ny olikaan infektiota.
     
    Last edited: Mar 19, 2007
    Makkei, Mar 19, 2007
    #7
  8. Auttaja

    Auttaja Guest


    ***************

    Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
    Linkki 1
    Linkki 2
    Linkki 3

    [*]Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
    [*]Tuplaklikkaa NoLop.exe ajaaksesi sen
    [*]Klikkaa nappulaa "Search and Destroy"
    <<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
    [*] Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
    [*] Klikkaa "REBOOT"-painiketta.
    [*] NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.

    -- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered,"
    lataa mscomctl.ocx
    ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.

    ****************

    lataa ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
    Klikkaa Empty Selected valintaa.
    Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa taas.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
    Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)


    **************************

    Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.

    [*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    [*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    [*]Käynnistä AVG Anti-Spyware.
    [*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
    [*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
    [*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    [*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
    [*]Sitten "Reports" valikon alta:
    [*]Laita täppi kohtaan "Automatically generate report after every scan"
    [*]Ota täppi pois kohdasta"Only if threats were found"


    10. Klikkaa OK jättääksesi Java asetusikkunasi.
    [*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    [*]"Resident shield is", muuta tila active:sta inactive:ksi
    [*]Sulje ohjelma, ÄLÄ skannaa vielä.

    Käynnistä tietokone vikasietotilaan:
    1. Käynnistä tietokone uudelleen.
    2. Kun tietokone käynnistyy, paina F8-näppäintä.
    3. Näyttöön tulee erilaisia käynnistysvaihtoehtoja.
    4. Valitse näppäimistön nuolinäppäinten avulla Vikasietotila.
    5. Paina ENTER-näppäintä.


    *************

    HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
    [*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
    [*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    [*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    [*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    [*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    [*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    [*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    [*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestiketjuusi.

    *********************

    Javan päivitys ja välimuistin tyhjennys:

    1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
    2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
    Niissä pitäisi olla seuraava kuva vieressä: [​IMG]
    3. Valitse kaikki entiset Java versiosi ja valitse Poista.
    4. Asenna uusin Java päivitys seuraavasta linkistä..
    5. Käynnistä kone uudelleen asennuksen jälkeen:

    http://java.sun.com/javase/downloads/index.jsp

    Rullaa alas kohteeseen Java Runtime Environment (JRE) 6

    Paina Download

    Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

    6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

    7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

    (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
    Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle    ).

    8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

    *Applications and Applets

    *Trace and Log Files


    Ja paina OK -nappia

    9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

    10. Klikkaa OK jättääksesi Java asetusikkunasi.
    ******************

    nyt ei mee ohi
     
    Auttaja, Mar 19, 2007
    #8
  9. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Kaikki muut toimi paitsi toi AVG anti-spyware ku se valittaa sitä samaa siinä päivityksen yhteydessä ja sää nähä huomenna ku tulee koulusta kotiin ja menee koneelle että onko auttanu.
    Noi java systeemit ja sun muut vois tehä pikkusiskojen läppärille ja ehän se mitään haittaa kun käytän Internet Exploreria, Firefoxia ja operaa kun poistin niistä kaikista sillä atf-cleanerilla ne ylimääräset jutut huomenna kokeilen vielä sitä Avg:tä jos se sit suostuis päivittämään tunnisteet...
    Kiitos Sulle Auttaja tähän mennessä saadusta avusta...
     
    Makkei, Mar 19, 2007
    #9
  10. Auttaja

    Auttaja Guest

    se AVG anti-spywaren päivittäminen ei onnistu aina! paina monta kertaa start update niin toimii =)

    tuskin on ongelmat viel poistunu :)
     
    Auttaja, Mar 19, 2007
    #10
  11. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Ei oo poistunu vielä jotain häikkää on vielä niitä command ikkunan näkösiä ei oo näkyny.
    Kokeilen nyt sitä AVG:tä uusiks
    Ei tosa hjt logissa oo mitään häikkää vai ootko vielä kerinny kattomaan?
     
    Last edited: Mar 20, 2007
    Makkei, Mar 20, 2007
    #11
  12. Auttaja

    Auttaja Guest

    Lähetä tämän tiedoston sisältö

    C:\NoLop.log

    ******

    Lataa tuosta CCleaner ja asenna se: http://ccleaner.com/download/downloadpage.aspx?1
    Kun asennat tätä ohjelmaa niin älä asenna sen mukana tulevaa yahoo-toolbaria. Tämä ohjelma
    etsii ja poistaa ns. turhia tiedostoja koneeltasi eli esim: temp tiedostot ja tällä saat myös
    puhdistettua rekisterisi. -korjaa automaattisesti tiedostojärjestelmän virheet¨
    -etsi ja yritä korjata virheelliset sektorit

    ********

    Ajetaanpas blacklightia.

    Lataa ja tallenna Blacklight työpöydällesi;

    Tupla-klikkaa blbeta.exe, hyväksy sopimus, klikkaa > Scan, sitten > Next

    Näet listan kaikesta mitä löytyi. Työpöydällesi myös ilmestyy loki jonka nimi on fsbl.xxxxxxx.log (xxxxxxx;n tilalla on luultavimmin numeroita).

    Kopioi ja liitä tämä loki seuraavaan vastaukseesi. Älä valitse "Rename" optiota vielä! Haluamme nähdä login ensin, koska hyviä tiedostoja saattaa olla mukana.
     
    Last edited by a moderator: Mar 20, 2007
    Auttaja, Mar 20, 2007
    #12
  13. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    03/20/07 17:19:32 [Info]: BlackLight Engine 1.0.55 initialized
    03/20/07 17:19:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/20/07 17:19:32 [Note]: 7019 4
    03/20/07 17:19:32 [Note]: 7005 0
    03/20/07 17:19:36 [Note]: 7006 0
    03/20/07 17:19:36 [Note]: 7011 4756
    03/20/07 17:19:36 [Note]: 7026 0
    03/20/07 17:19:36 [Note]: 7026 0
    03/20/07 17:19:46 [Note]: FSRAW library version 1.7.1021
    03/20/07 17:27:05 [Note]: 4013 10118
    03/20/07 17:27:05 [Note]: 4020 27 65536
    03/20/07 17:27:05 [Note]: 4018 27 65536
    03/20/07 17:27:05 [Note]: 4013 10065
    03/20/07 17:27:05 [Note]: 4020 27 65536
    03/20/07 17:27:05 [Note]: 4018 27 65536
    03/20/07 17:27:05 [Note]: 4013 10120
    03/20/07 17:27:05 [Note]: 4020 27 65536
    03/20/07 17:27:05 [Note]: 4018 27 65536
    03/20/07 17:27:05 [Note]: 4013 10146
    03/20/07 17:27:05 [Note]: 4020 27 65536
    03/20/07 17:27:05 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10054
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10055
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10107
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10108
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10109
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10017
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10019
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10018
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10018
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10019
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10020
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10021
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10022
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:06 [Note]: 4013 10023
    03/20/07 17:27:06 [Note]: 4020 27 65536
    03/20/07 17:27:06 [Note]: 4018 27 65536
    03/20/07 17:27:07 [Note]: 4013 10010
    03/20/07 17:27:07 [Note]: 4020 27 65536
    03/20/07 17:27:07 [Note]: 4018 27 65536
    03/20/07 17:27:07 [Note]: 4013 10010
    03/20/07 17:27:07 [Note]: 4020 27 65536
    03/20/07 17:27:07 [Note]: 4018 27 65536
    03/20/07 17:27:07 [Note]: 4013 10094
    03/20/07 17:27:07 [Note]: 4020 27 65536
    03/20/07 17:27:07 [Note]: 4018 27 65536
    03/20/07 17:29:51 [Note]: 7007 0


    ---------------------------------------------------------------


    oLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Mara\Desktop
    [19.3.2007]
    [21:30:02]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Adobe Systems
    C:\Documents and Settings\All Users\Application Data\Anwsoft
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\F-secure
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Hp
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Macromedia
    C:\Documents and Settings\All Users\Application Data\Mcafee
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Nokia
    C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Otto
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Siteadvisor -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Skype
    C:\Documents and Settings\All Users\Application Data\Sonic
    C:\Documents and Settings\All Users\Application Data\Sony Corporation
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Identities
    C:\Documents and Settings\Guest\Application Data\Macromedia
    C:\Documents and Settings\Guest\Application Data\Microsoft
    C:\Documents and Settings\Hp_administrator\Application Data\Adobe
    C:\Documents and Settings\Hp_administrator\Application Data\Adobeum
    C:\Documents and Settings\Hp_administrator\Application Data\Ahead
    C:\Documents and Settings\Hp_administrator\Application Data\Apple Computer
    C:\Documents and Settings\Hp_administrator\Application Data\Cyberlink
    C:\Documents and Settings\Hp_administrator\Application Data\Datalayer
    C:\Documents and Settings\Hp_administrator\Application Data\F-secure
    C:\Documents and Settings\Hp_administrator\Application Data\Faststone
    C:\Documents and Settings\Hp_administrator\Application Data\Gearbox Software
    C:\Documents and Settings\Hp_administrator\Application Data\Google
    C:\Documents and Settings\Hp_administrator\Application Data\Hp
    C:\Documents and Settings\Hp_administrator\Application Data\Hpq
    C:\Documents and Settings\Hp_administrator\Application Data\Identities
    C:\Documents and Settings\Hp_administrator\Application Data\Image Zone Express
    C:\Documents and Settings\Hp_administrator\Application Data\Ispnews
    C:\Documents and Settings\Hp_administrator\Application Data\Leadertech
    C:\Documents and Settings\Hp_administrator\Application Data\Macromedia
    C:\Documents and Settings\Hp_administrator\Application Data\Microsoft
    C:\Documents and Settings\Hp_administrator\Application Data\Mozilla
    C:\Documents and Settings\Hp_administrator\Application Data\Nokia
    C:\Documents and Settings\Hp_administrator\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Hp_administrator\Application Data\Notepad++
    C:\Documents and Settings\Hp_administrator\Application Data\Opera
    C:\Documents and Settings\Hp_administrator\Application Data\Pc Suite
    C:\Documents and Settings\Hp_administrator\Application Data\Siteadvisor
    C:\Documents and Settings\Hp_administrator\Application Data\Skype
    C:\Documents and Settings\Hp_administrator\Application Data\Smartftp
    C:\Documents and Settings\Hp_administrator\Application Data\Sonic
    C:\Documents and Settings\Hp_administrator\Application Data\Sun
    C:\Documents and Settings\Hp_administrator\Application Data\Talkback
    C:\Documents and Settings\Hp_administrator\Application Data\Teamspeak2
    C:\Documents and Settings\Hp_administrator\Application Data\Template -- EMPTY Directory
    C:\Documents and Settings\Hp_administrator\Application Data\Vso
    C:\Documents and Settings\Localservice\Application Data\Adobe
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Mozilla
    C:\Documents and Settings\Localservice\Application Data\Siteadvisor
    C:\Documents and Settings\Mara\Application Data\Adobe
    C:\Documents and Settings\Mara\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Mara\Application Data\Apple Computer
    C:\Documents and Settings\Mara\Application Data\Cyberlink
    C:\Documents and Settings\Mara\Application Data\Datalayer
    C:\Documents and Settings\Mara\Application Data\Dvdcss
    C:\Documents and Settings\Mara\Application Data\Exporttool
    C:\Documents and Settings\Mara\Application Data\F-secure
    C:\Documents and Settings\Mara\Application Data\Faststone
    C:\Documents and Settings\Mara\Application Data\Google
    C:\Documents and Settings\Mara\Application Data\Hp
    C:\Documents and Settings\Mara\Application Data\Hpq
    C:\Documents and Settings\Mara\Application Data\Identities
    C:\Documents and Settings\Mara\Application Data\Image Zone Express
    C:\Documents and Settings\Mara\Application Data\Ispnews
    C:\Documents and Settings\Mara\Application Data\Lacie
    C:\Documents and Settings\Mara\Application Data\Leadertech
    C:\Documents and Settings\Mara\Application Data\Macromedia
    C:\Documents and Settings\Mara\Application Data\Microsoft
    C:\Documents and Settings\Mara\Application Data\Mozilla
    C:\Documents and Settings\Mara\Application Data\Msninstaller
    C:\Documents and Settings\Mara\Application Data\Nokia
    C:\Documents and Settings\Mara\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Mara\Application Data\Notepad++
    C:\Documents and Settings\Mara\Application Data\Nview_wallpaper
    C:\Documents and Settings\Mara\Application Data\Opera
    C:\Documents and Settings\Mara\Application Data\Otto
    C:\Documents and Settings\Mara\Application Data\Pc Suite
    C:\Documents and Settings\Mara\Application Data\Siteadvisor
    C:\Documents and Settings\Mara\Application Data\Skype
    C:\Documents and Settings\Mara\Application Data\Smartftp
    C:\Documents and Settings\Mara\Application Data\Sonic
    C:\Documents and Settings\Mara\Application Data\Sony Corporation
    C:\Documents and Settings\Mara\Application Data\Sun
    C:\Documents and Settings\Mara\Application Data\Talkback
    C:\Documents and Settings\Mara\Application Data\Toshiba
    C:\Documents and Settings\Mara\Application Data\Utorrent
    C:\Documents and Settings\Mara\Application Data\Ventrilo
    C:\Documents and Settings\Mara\Application Data\Vlc
    C:\Documents and Settings\Mara\Application Data\Vso
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Päivi\Application Data\Faststone
    C:\Documents and Settings\Päivi\Application Data\Hp
    C:\Documents and Settings\Päivi\Application Data\Identities
    C:\Documents and Settings\Päivi\Application Data\Ispnews
    C:\Documents and Settings\Päivi\Application Data\Microsoft
    C:\Documents and Settings\Päivi\Application Data\Pc Suite
    C:\Documents and Settings\Päivi\Application Data\Siteadvisor


    Poistin cccleanerilla turhat jutut pois ja korjasin kaikki rekisteri virheet joita oli yli 200 otin niistä varoiksi varmuuskopiot


    onko sulla tietoa että onko tuossa HJT logissa mitään outoa
     
    Makkei, Mar 20, 2007
    #13
  14. Auttaja

    Auttaja Guest

    se on ollu koko ajan melko hyvän näkönen, päivitä java ja laita sitten taas uusi, kaikki haittaohjelmat ei nimittäin näy siinäkään lokissa :)
     
    Auttaja, Mar 20, 2007
    #14
  15. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Olen päivittänyt javan aikoja sitten. pistän uuden login kun pääsen koulusta ja niitä popuppeja ei oo näkyny vähään aikaan.

    täs ois ny tää loki ku kerkesin laittaa.


    Logfile of HijackThis v1.99.1
    Scan saved at 15:25:01, on 21.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\FastStone Capture\FSCapture.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\SiteAdvisor\6009\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fin.afterdawn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

     
    Last edited: Mar 21, 2007
    Makkei, Mar 20, 2007
    #15
  16. Auttaja

    Auttaja Guest

    Eheytys, virheet

    Avaa omatietokone
    Paina oikealla napilla C: asemaa
    ->valitse ominaisuudet
    Avaa työkalut välilehti
    ->aja virheen etsintä
    *molemmat kohdat, siis etsi ja korjaa
    ->eheytä kiintolevy

    *********

    Lataa tuosta CCleaner ja asenna se: http://ccleaner.com/download/downloadpage.aspx?1
    Kun asennat tätä ohjelmaa niin älä asenna sen mukana tulevaa yahoo-toolbaria. Tämä ohjelma
    etsii ja poistaa ns. turhia tiedostoja koneeltasi eli esim: temp tiedostot ja tällä saat myös
    puhdistettua rekisterisi. -korjaa automaattisesti tiedostojärjestelmän virheet¨
    -etsi ja yritä korjata virheelliset sektorit

    kerro jos ongelmia tahi kysyttävää
     
    Auttaja, Mar 21, 2007
    #16
  17. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    Levyn tarkistusta ei voitu suorittaa koska levyä ei saatu yksityiskäyttöön.
     
    Last edited: Mar 22, 2007
    Makkei, Mar 22, 2007
    #17
  18. Auttaja

    Auttaja Guest

    Käynnistäppä kone uudelleen ja kato mitä tapahtuu =)
     
    Auttaja, Mar 22, 2007
    #18
  19. Makkei

    Makkei Regular member

    Joined:
    Jan 16, 2006
    Messages:
    169
    Likes Received:
    0
    Trophy Points:
    26
    joo kokeilen.
    Tähän vielä tämmöinen että miksi prosessori käyttö nousee sataan vaikka käytettäessä Internet Exploreria tai muita ohjelmia
    ja kun kirjautuu ulos ja takaisin sisälle niin kaikki toimii niinkuin pitäisi.
     
    Makkei, Mar 22, 2007
    #19
  20. Auttaja

    Auttaja Guest

    en ikin' ennen oo neuvonu ketään tekemään tätä, mutta tee tää :)

    Escan
    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.

    Voi olla että jotain löytyy :)
     
    Auttaja, Mar 22, 2007
    #20
Page 1 of 2

Share This Page