Onko mitään vikaa?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by mmari, Jul 30, 2007.

  1. mmari

    mmari Member

    Joined:
    Jul 30, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Kone on hidastunut ja pop upeja tulee kokoajan esim. error safe, antivirus, musicPlusTv.com, cellorador, jamba.. Htj näyttää tältä:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:44:59, on 30.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\S & M\Työpöytä\HijackThis.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\hmscxauv.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29bd527656e0f1485422/netzip/RdxIE601.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
     
    mmari, Jul 30, 2007
    #1
  2. yamaneko

    yamaneko Senior member

    Joined:
    Sep 22, 2005
    Messages:
    5,093
    Likes Received:
    1
    Trophy Points:
    118
    yamaneko, Jul 30, 2007
    #2
  3. mmari

    mmari Member

    Joined:
    Jul 30, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Tässä uusi hjt

    Logfile of HijackThis v1.99.1
    Scan saved at 14:25:39, on 30.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hjt\Skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {76904B5A-E3C5-4117-B5D2-CCD85A876C8B} - C:\WINDOWS\system32\ljhgh.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\tuvwtrs.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\hfarwnge.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\hmscxauv.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29bd527656e0f1485422/netzip/RdxIE601.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ljhgh - C:\WINDOWS\system32\ljhgh.dll
    O20 - Winlogon Notify: tuvwtrs - C:\WINDOWS\SYSTEM32\tuvwtrs.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE

     
    mmari, Jul 30, 2007
    #3
  4. yamaneko

    yamaneko Senior member

    Joined:
    Sep 22, 2005
    Messages:
    5,093
    Likes Received:
    1
    Trophy Points:
    118
    1.
    Lataa VundoFix.exe työpöydällesi.
    [*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    [*]Klikkaa Scan for Vundo valintaa.
    [*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
    [*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    [*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    [*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
    [*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.


    Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
    Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

    2.
    1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
    combofix.exe
    combofix.exe

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.


    3.
    Ota uusi Hijackthis -loki ja postita yhdessä C:\vundofix.txt ja C:\ComboFix.txt kanssa tänne
     
    yamaneko, Jul 30, 2007
    #4
  5. mmari

    mmari Member

    Joined:
    Jul 30, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    VundoFix:

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 13:27:41 30.7.2007

    Listing files found while scanning....

    C:\windows\system32\ddcde.dll
    C:\WINDOWS\system32\hghjl.bak1
    C:\WINDOWS\system32\hghjl.bak2
    C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.tmp
    C:\windows\system32\hvyterxi.dll
    C:\windows\system32\ixretyvh.ini
    C:\windows\system32\khtnixtn.dll
    C:\WINDOWS\system32\ljhgh.dll
    C:\windows\system32\sufqnehu.ini
    C:\windows\system32\swwsqjhd.dll
    C:\WINDOWS\system32\tuvwtrs.dll
    C:\windows\system32\uhenqfus.dll
    C:\windows\system32\vekhhkvk.dll
    C:\windows\system32\xaogtyqo.dll
    C:\windows\system32\xyjvqxsn.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ddcde.dll
    C:\windows\system32\ddcde.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.bak1
    C:\WINDOWS\system32\hghjl.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.bak2
    C:\WINDOWS\system32\hghjl.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.tmp
    C:\WINDOWS\system32\hghjl.tmp Has been deleted!

    Attempting to delete C:\windows\system32\hvyterxi.dll
    C:\windows\system32\hvyterxi.dll Has been deleted!

    Attempting to delete C:\windows\system32\ixretyvh.ini
    C:\windows\system32\ixretyvh.ini Has been deleted!

    Attempting to delete C:\windows\system32\khtnixtn.dll
    C:\windows\system32\khtnixtn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\ljhgh.dll Could not be deleted.

    Attempting to delete C:\windows\system32\sufqnehu.ini
    C:\windows\system32\sufqnehu.ini Has been deleted!

    Attempting to delete C:\windows\system32\swwsqjhd.dll
    C:\windows\system32\swwsqjhd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\tuvwtrs.dll Could not be deleted.

    Attempting to delete C:\windows\system32\uhenqfus.dll
    C:\windows\system32\uhenqfus.dll Has been deleted!

    Attempting to delete C:\windows\system32\vekhhkvk.dll
    C:\windows\system32\vekhhkvk.dll Has been deleted!

    Attempting to delete C:\windows\system32\xaogtyqo.dll
    C:\windows\system32\xaogtyqo.dll Has been deleted!

    Attempting to delete C:\windows\system32\xyjvqxsn.dll
    C:\windows\system32\xyjvqxsn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\ljhgh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\tuvwtrs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 14:11:28 30.7.2007

    Listing files found while scanning....

    C:\windows\system32\hghjl.ini
    C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\tuvwtrs.dll

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 19:45:05 30.7.2007

    Listing files found while scanning....

    C:\windows\system32\hghjl.bak1
    C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.tmp
    C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\tuvwtrs.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\hghjl.bak1
    C:\windows\system32\hghjl.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.tmp
    C:\WINDOWS\system32\hghjl.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\ljhgh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\tuvwtrs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\hghjl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hghjl.ini2
    C:\WINDOWS\system32\hghjl.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljhgh.dll
    C:\WINDOWS\system32\ljhgh.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\tuvwtrs.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    ComboFix:
    ComboFix 07-07-30.2 - "S & M" 2007-07-30 20:04:47.1 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
    * Created a new restore point


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\hfarwnge.dll
    C:\WINDOWS\system32\takxcagv.dll
    C:\WINDOWS\system32\hghjl.ini
    C:\WINDOWS\system32\cdccf.bak1
    C:\WINDOWS\system32\ljhgh.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\S&M~1\TYPYT~1\internet.lnk
    e:\RECYCLER\Kama Sutra (Photo Book).pdf


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


    2007-07-30 20:02 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-30 15:21 126,016 --a------ C:\WINDOWS\system32\xxopigfl.dll
    2007-07-30 15:18 66,112 --a------ C:\WINDOWS\system32\teswjhii.exe
    2007-07-30 14:23 <KANSIO> d-------- C:\Hjt
    2007-07-30 13:27 <KANSIO> d-------- C:\VundoFix Backups
    2007-07-30 12:45 4,672 --a------ C:\WINDOWS\system32\tducxjxf.exe
    2007-07-30 12:42 66,112 --a------ C:\WINDOWS\system32\ynugvfnp.exe
    2007-07-30 12:40 4,672 --a------ C:\WINDOWS\system32\hqkghhgt.exe
    2007-07-30 12:27 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    2007-07-29 15:24 126,016 --------- C:\WINDOWS\system32\pixbawjv.dll
    2007-07-26 19:22 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    2007-07-26 18:55 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Gamelab
    2007-07-26 18:54 <KANSIO> d-------- C:\Program Files\PlayFirst
    2007-07-26 13:40 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-24 17:28 <KANSIO> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2007-07-24 17:27 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2007-07-24 17:19 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-24 17:13 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-24 17:13 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-24 17:12 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-07-23 15:00 126,016 --a------ C:\WINDOWS\system32\psqhbtax.dll
    2007-07-19 20:30 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-16 12:35 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    2007-07-15 22:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    2007-07-15 22:00 <KANSIO> d-------- C:\Program Files\BFG
    2007-07-15 16:55 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Azureus
    2007-07-15 16:54 <KANSIO> d-------- C:\Program Files\Azureus
    2007-07-14 15:03 <KANSIO> d-------- C:\Program Files\bfgclient
    2007-07-14 15:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    2007-07-14 14:59 <KANSIO> d-------- C:\WINDOWS\pss
    2007-07-13 20:52 3,670,016 --a------ C:\DOCUME~1\S&M~1\ntuser.dat
    2007-07-13 20:51 <KANSIO> d-------- C:\Program Files\IObit
    2007-07-13 20:00 <KANSIO> d-------- C:\Program Files\Panicware
    2007-07-13 17:44 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit
    2007-07-13 17:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Legacy Interactive
    2007-07-12 20:45 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-07-12 20:45 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Sandlot Games
    2007-07-12 20:45 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    2007-07-11 14:06 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-07 12:03 128,576 --a------ C:\WINDOWS\system32\avhfokdy.dll
    2007-07-04 16:48 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
    2007-07-04 16:22 31,254 --a------ C:\WINDOWS\system32\iiffdaa.dll
    2007-07-04 16:22 31,254 --a------ C:\WINDOWS\system32\cbxuuuv.dll
    2007-07-04 16:22 31,254 --a------ C:\WINDOWS\system32\byxwwvt.dll
    2007-07-04 16:21 31,254 --------- C:\WINDOWS\system32\tuvwtrs.dll
    2007-07-04 16:09 <KANSIO> d-------- C:\Program Files\Shockwave.com
    2007-07-04 15:40 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\PlayFirst
    2007-07-04 15:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    2007-06-21 20:29 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\WinRAR
    2007-06-17 20:04 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-06-17 18:38 <KANSIO> d-------- C:\Downloads


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 12:39 --------- d-------- C:\Program Files\dna Nettiturva
    2007-07-30 12:33 51644 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-30 12:33 290046 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-24 17:20 --------- d-------- C:\DOCUME~1\S&M~1\APPLIC~1\foobar2000
    2007-06-22 14:09 --------- d-------- C:\Program Files\eMule
    2007-06-22 12:49 --------- d-------- C:\Program Files\LimeWire
    2007-05-30 20:46 --------- d-------- C:\Program Files\CCleaner
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7}]
    2007-07-04 16:21 31254 --------- C:\WINDOWS\system32\tuvwtrs.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2007-04-26 20:12]
    "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10]
    "News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7}"= C:\WINDOWS\system32\tuvwtrs.dll [2007-07-04 16:21 31254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwtrs]
    tuvwtrs.dll 2007-07-04 16:21 31254 C:\WINDOWS\system32\tuvwtrs.dll

    R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
    R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\dna Nettiturva\HIPS\fshs.sys
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys
    S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1a5116-39f1-11dc-a988-00304f184b05}]
    AutoRun\command- I:\AUTOPLAY.EXE


    Contents of the 'Scheduled Tasks' folder
    2007-07-30 09:44:22 C:\WINDOWS\Tasks\Scheduled scanning task.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-30 20:15:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-30 20:22:39 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-30 20:21

    --- E O F ---
    Hjt:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:24:58, on 30.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Hjt\Skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\tuvwtrs.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29bd527656e0f1485422/netzip/RdxIE601.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvwtrs - C:\WINDOWS\SYSTEM32\tuvwtrs.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE

    Mitä mun pitäisi nyt tehdä?
     
    mmari, Jul 30, 2007
    #5
  6. yamaneko

    yamaneko Senior member

    Joined:
    Sep 22, 2005
    Messages:
    5,093
    Likes Received:
    1
    Trophy Points:
    118
    1.
    Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

    Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
    edes .txt).

    Sitten raahaa CFScript ComboFix.exeen kuten alla.

    [​IMG]

    Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

    2.
    Uusi Hjt-loki
     
    yamaneko, Jul 31, 2007
    #6
  7. mmari

    mmari Member

    Joined:
    Jul 30, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 07-07-30.2 - "S & M" 2007-07-31 19:57:27.2 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
    Command switches used ::
    * Created a new restore point


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\cnipphod.dll
    C:\WINDOWS\system32\rsuvw.bak1
    C:\WINDOWS\system32\rsuvw.bak2
    C:\WINDOWS\system32\rsuvw.ini
    C:\WINDOWS\system32\wvusr.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\hqkghhgt.exe
    C:\WINDOWS\system32\tducxjxf.exe
    C:\WINDOWS\system32\teswjhii.exe
    C:\WINDOWS\system32\tuvwtrs.dll
    C:\WINDOWS\system32\ynugvfnp.exe


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


    2007-07-31 10:57 125,504 --a------ C:\WINDOWS\system32\xdgirsxy.dll
    2007-07-31 10:51 66,112 --a------ C:\WINDOWS\system32\qupoldxt.exe
    2007-07-31 10:50 4,672 --a------ C:\WINDOWS\system32\dskjskms.exe
    2007-07-30 20:02 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-30 14:23 <KANSIO> d-------- C:\Hjt
    2007-07-30 13:27 <KANSIO> d-------- C:\VundoFix Backups
    2007-07-30 12:27 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    2007-07-26 19:22 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    2007-07-26 18:55 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Gamelab
    2007-07-26 18:54 <KANSIO> d-------- C:\Program Files\PlayFirst
    2007-07-26 13:40 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-24 17:28 <KANSIO> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2007-07-24 17:27 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2007-07-24 17:19 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-24 17:13 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2007-07-24 17:13 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2007-07-24 17:12 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-07-19 20:30 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-16 12:35 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    2007-07-15 22:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    2007-07-15 22:00 <KANSIO> d-------- C:\Program Files\BFG
    2007-07-15 16:55 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Azureus
    2007-07-15 16:54 <KANSIO> d-------- C:\Program Files\Azureus
    2007-07-14 15:03 <KANSIO> d-------- C:\Program Files\bfgclient
    2007-07-14 15:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    2007-07-14 14:59 <KANSIO> d-------- C:\WINDOWS\pss
    2007-07-13 20:52 3,670,016 --a------ C:\DOCUME~1\S&M~1\ntuser.dat
    2007-07-13 20:51 <KANSIO> d-------- C:\Program Files\IObit
    2007-07-13 20:00 <KANSIO> d-------- C:\Program Files\Panicware
    2007-07-13 17:44 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit
    2007-07-13 17:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Legacy Interactive
    2007-07-12 20:45 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2007-07-12 20:45 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\Sandlot Games
    2007-07-12 20:45 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    2007-07-11 14:06 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-04 16:48 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
    2007-07-04 16:09 <KANSIO> d-------- C:\Program Files\Shockwave.com
    2007-07-04 15:40 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\PlayFirst
    2007-07-04 15:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    2007-06-21 20:29 <KANSIO> d-------- C:\DOCUME~1\S&M~1\APPLIC~1\WinRAR
    2007-06-17 20:04 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-06-17 18:38 <KANSIO> d-------- C:\Downloads


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-31 12:11 --------- d-------- C:\DOCUME~1\S&M~1\APPLIC~1\foobar2000
    2007-07-30 12:39 --------- d-------- C:\Program Files\dna Nettiturva
    2007-07-30 12:33 51644 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-30 12:33 290046 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-22 14:09 --------- d-------- C:\Program Files\eMule
    2007-06-22 12:49 --------- d-------- C:\Program Files\LimeWire
    2007-05-30 20:46 --------- d-------- C:\Program Files\CCleaner
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2007-04-26 20:12]
    "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10]
    "News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
    R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\dna Nettiturva\HIPS\fshs.sys
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys
    S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1a5116-39f1-11dc-a988-00304f184b05}]
    AutoRun\command- I:\AUTOPLAY.EXE


    Contents of the 'Scheduled Tasks' folder
    2007-07-31 07:53:35 C:\WINDOWS\Tasks\Scheduled scanning task.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-31 20:09:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
    "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-31 20:15:12 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-31 20:14
    C:\ComboFix2.txt ... 2007-07-30 20:22

    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 20:16:37, on 31.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
    C:\Program Files\dna Nettiturva\Common\FCH32.EXE
    C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
    C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
    C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
    C:\Program Files\dna Nettiturva\Common\FSM32.EXE
    C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
    C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Hjt\Skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29bd527656e0f1485422/netzip/RdxIE601.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE

    Mitä sitten?
     
    mmari, Jul 31, 2007
    #7
  8. yamaneko

    yamaneko Senior member

    Joined:
    Sep 22, 2005
    Messages:
    5,093
    Likes Received:
    1
    Trophy Points:
    118
    Koita vielä jaksaa :) Ollaan loppusuoralla!

    1.
    Käynnistä Hijackthis ja valitse Do a system scan only
    Valitse seuraavat rivit:

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29bd527656e0...ip/RdxIE601.cab

    Valitse lopuksi Fix checked

    2.
    Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

    Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
    edes .txt).

    Sitten raahaa CFScript ComboFix.exeen kuten alla.

    [​IMG]

    Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

    3.
    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

    Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
    [*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    [*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    [*]Käynnistä AVG Anti-Spyware.
    [*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
    [*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

    [*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    [*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
    [*]Sitten "Reports" valikon alta:
    [*]Ota pois täppi kohdasta "Automatically generate report after every scan" (AVG a-s:ssä on bugi)
    [*]Ota täppi pois kohdasta"Only if threats were found"

    [*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    [*]"Resident shield is", muuta tila active:sta inactive:ksi
    [*]Sulje ohjelma, ÄLÄ skannaa vielä.
    Käynnistä koneesi vikasietotilaan, Ohje!

    HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
    [*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
    [*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    [*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    [*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    [*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    [*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    [*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    [*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG Anti-Spyware:n raportti viestikejuusi.
     
    yamaneko, Jul 31, 2007
    #8

Share This Page