Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:46, on 22.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.cw1iw"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5105 bytes

MB found 3 viruses. The log got lost because I removed them and didn't realize it restarts itself right away. I'll post a new log shortly once I've scanned through again.
MB finished its scan. Those damn popups still keep jumping in my face; soon the whole of IE is going to hell... Fresh log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:26, on 23.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\pcwizard.dll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5486 bytes
On Vista, these steps must be carried out as an administrator.

Start HijackThis and check the following lines:

O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.cw1iw"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"

Finally, click Fix Checked.

1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe

Open Combofix.exe and follow the on-screen instructions.

Note! Do not click in the ComboFix window while it is running. This may cause the program to freeze.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
Yeah, so I can't get ComboFix to work.. and I'm not really keen anymore either. It comes with these kinds of things..:

HijackThis log after ComboFix!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:26, on 23.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\pcwizard.dll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5486 bytes

EDIT:: I calmed down a bit and ran ComboFix through. Viruses come along with ComboFix. But I removed Comodo Firewall completely, and then ComboFix worked.
(It didn't help if I just closed Comodo Firewall.)

LOG:

ComboFix 08-10-23.01 - nikopoekaa 2008-10-23 20:13:23.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1422 [GMT 3:00]
Sijainti: C:\Users\nikopoekaa\Downloads\ComboFix.exe
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mahdollisesti saastuneet sivut -----
hxxp://youtouch.no-ip.biz
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-23 to 2008-10-23 )))))))))))))))))
.
2008-10-23 20:04 . 2008-10-23 20:12 <KANSIO> d-------- C:\32788R22FWJFW
2008-10-23 11:08 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-10-23 10:56 . 2008-10-23 11:08 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-10-22 22:18 . 2008-10-22 22:18 61,440 --a------ C:\Windows\System32\drivers\sqjzcw.sys
2008-10-22 21:08 . 2008-10-22 21:08 <KANSIO> d-------- C:\Users\All Users\Send acid copy bin
2008-10-22 21:08 . 2008-10-22 21:08 <KANSIO> d-------- C:\ProgramData\Send acid copy bin
2008-10-22 21:07 . 2008-10-22 21:08 <KANSIO> d-------- C:\Users\All Users\Funk manager bolt
2008-10-22 21:07 . 2008-10-22 21:08 <KANSIO> d-------- C:\ProgramData\Funk manager bolt
2008-10-22 21:07 . 2008-10-22 21:07 <KANSIO> d-------- C:\Program Files\Funk manager bolt
2008-10-22 17:54 . 2008-10-22 17:55 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\DivX
2008-10-22 17:53 . 2008-10-22 17:54 <KANSIO> d-------- C:\Program Files\DivX
2008-10-22 17:53 . 2008-10-22 17:53 <KANSIO> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-10-21 21:45 . 2008-10-21 21:45 <KANSIO> d-------- C:\Program Files\HyCam2
2008-10-21 16:15 . 2008-10-21 16:15 <KANSIO> d-------- C:\Program Files\Sun
2008-10-21 16:13 . 2008-10-21 16:14 <KANSIO> d-------- C:\Program Files\Java
2008-10-21 16:08 . 2008-10-21 16:08 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-10-21 11:16 . 2008-10-21 13:05 280 --a------ C:\Windows\System32\PDBootState
2008-10-21 11:07 . 2008-10-21 11:07 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\U3
2008-10-21 11:07 . 2008-10-21 11:07 0 --a------ C:\LOG7E91.tmp
2008-10-21 11:05 . 2008-10-21 11:05 <KANSIO> d----c--- C:\Windows\System32\DRVSTORE
2008-10-21 11:05 . 2008-01-09 22:00 68,624 -ra------ C:\Windows\System32\drivers\DefragFS.sys
2008-10-21 11:04 . 2008-10-21 11:04 <KANSIO> d-------- C:\Users\All Users\Raxco
2008-10-21 11:04 . 2008-10-21 11:04 <KANSIO> d-------- C:\ProgramData\Raxco
2008-10-21 11:04 . 2008-10-21 11:04 <KANSIO> d-------- C:\Program Files\Raxco
2008-10-21 11:03 . 2008-10-21 11:03 <KANSIO> d-------- C:\Users\All Users\Protexis
2008-10-21 11:03 . 2008-10-21 11:03 <KANSIO> d-------- C:\ProgramData\Protexis
2008-10-20 21:30 . 2008-10-23 20:13 0 --ah----- C:\Windows\BITC778.tmp
2008-10-20 21:28 . 2008-10-20 21:28 <KANSIO> d-------- C:\Windows\System32\QuickTime
2008-10-20 21:28 . 2008-10-20 21:28 <KANSIO> d-------- C:\Users\All Users\TechSmith
2008-10-20 21:28 . 2008-10-20 21:28 <KANSIO> d-------- C:\ProgramData\TechSmith
2008-10-20 21:28 . 2008-01-18 03:36 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-10-20 21:28 . 2008-10-23 20:13 0 --ah----- C:\Windows\BIT5DEC.tmp
2008-10-20 21:27 . 2008-10-20 21:27 <KANSIO> d-------- C:\Program Files\TechSmith
2008-10-20 21:27 . 2008-10-20 21:27 <KANSIO> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-10-20 21:27 . 2008-10-23 20:13 0 --ah----- C:\Windows\BITFFC5.tmp
2008-10-20 21:24 . 2008-10-23 20:13 0 --ah----- C:\Windows\BIT823B.tmp
2008-10-20 21:23 . 2008-10-23 20:13 0 --ah----- C:\Windows\BIT589C.tmp
2008-10-20 19:51 . 2008-10-20 19:51 <KANSIO> d-------- C:\Windows\Sun
2008-10-20 16:59 . 2008-10-20 17:23 <KANSIO> d-------- C:\Program Files\Thoosje Vista Sidebar
2008-10-20 15:41 . 2008-10-20 15:41 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\Malwarebytes
2008-10-20 15:20 . 2008-10-23 13:27 <KANSIO> d-------- C:\Program Files\DC++
2008-10-19 16:49 . 2008-10-19 16:49 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-10-19 16:45 . 2008-10-19 16:45 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-10-19 10:23 . 2008-10-19 10:23 <KANSIO> d-------- C:\Users\All Users\SwiftKit
2008-10-19 10:23 . 2008-10-19 10:23 <KANSIO> d-------- C:\ProgramData\SwiftKit
2008-10-19 10:23 . 2008-10-22 22:14 <KANSIO> d-------- C:\Program Files\SwiftKit
2008-10-18 21:24 . 2008-10-18 21:24 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-10-18 21:24 . 2008-10-18 21:24 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-10-18 21:24 . 2008-10-23 09:53 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 21:24 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-18 21:24 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-18 10:48 . 2008-10-18 10:48 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-18 09:34 . 2008-10-18 09:41 <KANSIO> d-------- C:\Temp
2008-10-18 09:34 . 2008-10-16 20:33 2,097,152 --a------ C:\Temp\autorun.bin
2008-10-18 09:34 . 2008-05-20 12:49 1,570,816 --a------ C:\Temp\TSDNWIN.exe
2008-10-17 22:48 . 2008-10-23 19:59 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\Comodo
2008-10-17 22:48 . 2008-10-23 19:57 <KANSIO> d-------- C:\Users\All Users\comodo
2008-10-17 22:48 . 2008-10-23 19:57 <KANSIO> d-------- C:\ProgramData\comodo
2008-10-17 22:48 . 2008-10-23 19:59 <KANSIO> d-------- C:\Program Files\COMODO
2008-10-17 22:43 . 2008-10-17 22:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-10-17 22:12 . 2008-10-17 22:12 <KANSIO> d-------- C:\Users\All Users\FLEXnet
2008-10-17 22:12 . 2008-10-17 22:12 <KANSIO> d-------- C:\ProgramData\FLEXnet
2008-10-17 22:09 . 2008-10-17 22:09 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-17 22:08 . 2008-10-17 23:34 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-10-17 20:35 . 2008-10-17 20:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-16 17:11 . 2008-10-16 17:11 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\Thunderbird
2008-10-16 17:11 . 2008-10-22 17:53 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-10-16 17:11 . 2008-10-16 17:11 0 --a------ C:\Windows\nsreg.dat
2008-10-15 20:51 . 2008-09-18 08:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 20:51 . 2008-09-18 08:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 20:51 . 2008-09-18 05:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 20:51 . 2008-08-27 04:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 20:06 . 2008-10-23 18:49 30 --a------ C:\Users\nikopoekaa\jagex_runescape_preferences.dat
2008-10-15 20:05 . 2008-10-15 20:05 <KANSIO> d-------- C:\.jagex_cache_32
2008-10-15 18:13 . 2008-10-18 22:19 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\Winamp
2008-10-15 18:13 . 2008-10-16 16:44 <KANSIO> d-------- C:\Program Files\Winamp
2008-10-15 18:13 . 2008-09-16 03:14 129,784 --------- C:\Windows\System32\pxafs.dll
2008-10-14 16:36 . 2008-10-23 19:57 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\NoNameScript
2008-10-14 16:36 . 2008-10-21 23:01 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\mIRC
2008-10-14 16:36 . 2008-10-23 13:43 <KANSIO> d-------- C:\Program Files\mIRC
2008-10-13 20:05 . 2008-10-21 15:14 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\uTorrent
2008-10-13 20:05 . 2008-10-13 20:05 <KANSIO> d-------- C:\Program Files\uTorrent
2008-10-13 19:20 . 2008-10-13 19:20 <KANSIO> d-------- C:\Windows\System32\Macromed
2008-10-13 19:10 . 2008-10-13 19:10 <KANSIO> d-------- C:\Users\All Users\Avira
2008-10-13 19:10 . 2008-10-13 19:10 <KANSIO> d-------- C:\ProgramData\Avira
2008-10-13 19:10 . 2008-10-13 19:10 <KANSIO> d-------- C:\Program Files\Avira
2008-10-13 17:47 . 2008-10-13 17:47 <KANSIO> d-------- C:\Program Files\PC Wizard 2008
2008-10-13 17:47 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-10-13 17:10 . 2008-10-13 17:10 <KANSIO> d-------- C:\RaidTool
2008-10-13 17:10 . 2007-03-21 19:23 1,953,792 -r------- C:\Windows\System32\xRaidSetup.exe
2008-10-13 17:10 . 2007-03-21 00:15 143,360 -r------- C:\Windows\System32\xRaidAPI.dll
2008-10-13 17:09 . 2008-10-13 17:10 <KANSIO> d-------- C:\Windows\RaidTool
2008-10-13 17:09 . 2006-08-30 15:33 319,984 -r------- C:\Windows\System32\DifxApi.dll
2008-10-13 17:09 . 2007-03-24 14:20 46,208 --a------ C:\Windows\System32\drivers\jraid.sys
2008-10-13 17:09 . 2006-02-07 22:52 6,912 --a------ C:\Windows\System32\drivers\JGOGO.sys
2008-10-13 17:07 . 2008-10-13 17:07 <KANSIO> d-------- C:\Windows\System32\Attansic
2008-10-13 17:06 . 2007-03-15 17:41 48,128 --a------ C:\Windows\System32\drivers\atl01v32.sys
2008-10-13 17:04 . 2008-10-13 17:04 <KANSIO> d-------- C:\Windows\System32\RTCOM
2008-10-13 17:03 . 2008-10-13 17:03 <KANSIO> d-------- C:\Program Files\Realtek
2008-10-13 17:03 . 2008-10-13 17:10 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-13 17:03 . 2007-03-23 22:04 4,423,680 --a------ C:\Windows\RtHDVCpl.exe
2008-10-13 17:03 . 2007-03-21 21:58 1,844,224 --a------ C:\Windows\System32\RtkAPO.dll
2008-10-13 17:03 . 2007-03-16 18:06 1,822,720 --a------ C:\Windows\SkyTel.exe
2008-10-13 17:03 . 2007-03-26 22:18 1,761,696 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-10-13 17:03 . 2007-01-16 13:39 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-10-13 17:03 . 2007-03-20 18:24 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-10-13 17:03 . 2007-03-14 20:10 495,104 --a------ C:\Windows\System32\RtkPgExt.dll
2008-10-13 17:03 . 2006-12-13 13:30 339,968 --a------ C:\Windows\System32\SRSTSXT.dll
2008-10-13 17:03 . 2008-10-13 17:03 319,456 --a------ C:\Windows\DIFxAPI.dll
2008-10-13 17:03 . 2007-03-23 18:34 266,240 --a------ C:\Windows\System32\RtkApoApi.dll
2008-10-13 17:03 . 2006-11-29 21:47 135,168 --a------ C:\Windows\System32\SRSWOW.dll
2008-10-13 17:03 . 2007-03-22 17:30 18,432 --a------ C:\Windows\System32\RtkCoInst.dll
2008-10-13 17:02 . 2008-10-13 17:02 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2008-10-13 17:02 . 2007-01-12 19:54 520,192 -r------- C:\Windows\RtlExUpd.dll
2008-10-13 17:02 . 2008-10-13 17:02 315,392 --a------ C:\Windows\HideWin.exe
2008-10-13 16:47 . 2008-10-13 16:47 <KANSIO> d-------- C:\Windows\ASUSInstAll
2008-10-13 16:41 . 2008-10-13 16:41 <KANSIO> d-------- C:\Program Files\Intel
2008-10-13 16:41 . 2008-10-13 16:41 <KANSIO> d-------- C:\Intel
2008-10-13 16:41 . 2008-10-13 17:10 14,066 --a------ C:\Windows\Ascd_log.ini
2008-10-13 16:41 . 2008-10-13 16:41 13,742 --a------ C:\Windows\Ascd_tmp.ini
2008-10-13 16:41 . 2006-10-19 00:44 7,680 --a------ C:\Windows\System32\drivers\ASACPI.sys
2008-10-13 14:10 . 2008-10-13 14:10 <KANSIO> d-------- C:\Users\nikopoekaa\AppData\Roaming\ATI
2008-10-13 14:10 . 2008-10-13 14:10 <KANSIO> d-------- C:\Users\All Users\ATI
2008-10-13 14:10 . 2008-10-13 14:10 <KANSIO> d-------- C:\ProgramData\ATI
2008-10-13 14:09 . 2008-10-13 14:09 0 --a------ C:\Windows\ativpsrm.bin
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 19:18 98 ----a-w C:\Program Files\fbshgpu.txt
2008-10-16 19:00 --------- d-----w C:\Program Files\Windows Mail
2008-10-13 09:37 --------- d-sh--w C:\ProgramData\Työpöytä
2008-10-13 09:37 --------- d-sh--w C:\ProgramData\Tiedostot
2008-10-13 09:37 --------- d-sh--w C:\ProgramData\Suosikit
2008-10-13 09:37 --------- d-sh--w C:\ProgramData\Mallit
2008-10-13 09:37 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-10-13 09:37 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-09-16 00:14 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-22 10:08 878,592 ----a-w C:\Windows\System32\wininet.dll
2008-08-22 10:07 43,008 ----a-w C:\Windows\System32\licmgr10.dll
2008-08-22 10:07 18,944 ----a-w C:\Windows\System32\corpol.dll
2008-08-22 10:06 72,704 ----a-w C:\Windows\System32\admparse.dll
2008-08-22 10:06 71,680 ----a-w C:\Windows\System32\iesetup.dll
2008-08-22 10:06 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-08-22 10:06 129,024 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-22 10:06 110,080 ----a-w C:\Windows\System32\PDMSetup.exe
2008-08-22 10:06 103,936 ----a-w C:\Windows\System32\SetDepNx.exe
2008-08-22 10:06 103,424 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-08-22 10:05 35,840 ----a-w C:\Windows\System32\imgutil.dll
2008-08-22 10:05 168,960 ----a-w C:\Windows\System32\iexpress.exe
2008-08-22 10:04 48,640 ----a-w C:\Windows\System32\PrivacIE.dll
2008-08-22 10:04 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-08-22 10:04 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-08-22 09:57 156,160 ----a-w C:\Windows\System32\msls31.dll
2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-21 02:14 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-08-21 02:13 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-08-21 02:12 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-08-21 02:12 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-08-21 02:12 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-08-21 02:12 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-08-21 02:11 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-08-21 02:03 2,143,744 ----a-w C:\Windows\System32\atidxx32.dll
2008-08-21 01:57 4,003,328 ----a-w C:\Windows\System32\atiumdag.dll
2008-08-21 01:43 9,838,592 ----a-w C:\Windows\System32\atioglxx.dll
2008-08-21 01:36 4,653,056 ----a-w C:\Windows\System32\atiumdva.dll
2008-08-21 01:23 50,688 ----a-w C:\Windows\System32\amdpcom32.dll
2008-08-21 01:22 48,640 ----a-w C:\Windows\System32\atiadlxx.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 07:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 07:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 07:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi data"="C:\ProgramData\AcidBlehBleh.152j5wh" [X]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi data"="C:\ProgramData\AcidBlehBleh.v5sth" [X]
"copy bin slow 16"="C:\ProgramData\Comp Burn Blah.sl8qq" [X]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{62DE573C-2D84-4810-8AFC-694960ED335B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A10DBAD1-81BA-45E1-B1FD-A229B6367BB7}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{E1D8CA9A-267F-405E-A7B8-CA4A81CBB9B4}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"{0BE71B41-3642-49AB-9D84-FBD3833BC36F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5FCCB64F-7421-4213-BEC2-A0722472F7D7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{BADD2D4B-26B8-46B9-AC5D-AC14A485F5C7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{4AF0C4FE-57AC-4DA4-99B0-EE9D3A11AAFA}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-21 3928576]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276730e1-9ce0-11dd-a0c2-001e8c65f1f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7b0523-9900-11dd-8b70-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\nikopoekaa\AppData\Roaming\Mozilla\Firefox\Profiles\22qgqu36.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www2.firesearch.com/
.
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 20:18:08 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2008-10-23 20:19:01 ComboFix-quarantined-files.txt 2008-10-23 17:18:59 Ennen ajoa: 547,088,551,936 tavua vapaana Ajon jälkeen: 547,120,189,440 tavua vapaana 273 --- E O F --- 2008-10-20 10:09:32
Yeah, the virus that AntiVir detected is EICAR, i.e. a test virus used to check that an antivirus program works.

Download NoLop to your desktop from one of the following links... Link 1 Link 2 Link 3
- Close all programs, because this step requires a restart
- Double-click NoLop.exe to run it
- Click the "Search and Destroy" button <<Your computer will be scanned for infected files>>
- When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
- Click the "REBOOT" button.
- NoLop should give you a message. If not, double-click the program and it will finish.

Post the contents of the C:\NoLop.log file along with a new HijackThis log.

-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 folder (usually c:\Windows\system32). Then run the program again. --
It didn't find any viruses.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:37, on 23.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\SwiftKit\SwiftKit.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKCU\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.152j5wh"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4481 bytes

At least those bytes have gone down from that :D. I guess this is sorted now, if nothing more turns up in the log. I'd better install that Comodo firewall on the machine again so it doesn't come back. The pop-ups have been gone too.
That Lop is still in the log, but let's try another program.

It is recommended to turn off your antivirus's real-time scanning so it doesn't interfere with Lop S&D; you can turn it back on after the scan.

Download Lop S&D from here
Double-click Lop S&D.exe
Select Finnish as the language by pressing U and Enter. Then select Option 1 (Search) by pressing 1 and Enter
Wait until the scan is complete
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
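The helper's point that the Lop is still in the HijackThis log can be checked mechanically rather than by eye. The script below is an added example, not code from this thread or from HijackThis, Lop S&D or ComboFix. It parses the O4 (Run-key autostart) lines of a HijackThis log and flags the same indicators a helper looks for in the log above: an autostart whose target lives under ProgramData or AppData, whose extension is not an executable type, and whose value name is repeated in HKLM and HKCU with different targets. The sample O4 lines are constructed after the entries in the log above.

```python
"""Triage HijackThis O4 autostart lines for Lop-style indicators.

Added example for this thread; not part of HijackThis, Lop S&D or ComboFix.
The sample lines below are constructed after the log in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# HijackThis O4 line: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Extensions a legitimate Run value normally points at.
EXEC_EXT = {'exe', 'dll', 'com', 'bat', 'cmd', 'scr', 'pif'}

# Directories that hold data, not programs; autostarts there deserve a look.
DATA_DIRS = ('\\programdata\\', '\\appdata\\')

# Constructed sample, modelled on the O4 lines in the log above.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe',
    r'O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"',
    r'O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"',
    r'O4 - HKCU\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.152j5wh"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')",
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
]


@dataclass
class Autostart:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def target_path(cmd: str) -> str:
    """Return the program path from a Run value, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: it ends at the first executable extension followed by
    # whitespace or end of line, so arguments like "/min" are dropped.
    m = re.match(r'(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def parse_o4(lines):
    """Extract hive, value name and target from every O4 line."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m['hive'], m['name'], target_path(m['cmd'])))
    return entries


def triage(lines):
    """Return the autostarts that carry at least one indicator, with reasons."""
    entries = parse_o4(lines)
    targets_by_name = defaultdict(set)
    for e in entries:
        targets_by_name[e.name].add(e.target.lower())
    for e in entries:
        low = e.target.lower()
        fname = low.rsplit('\\', 1)[-1]
        ext = fname.rsplit('.', 1)[-1] if '.' in fname else ''
        if any(d in low for d in DATA_DIRS):
            e.reasons.append('runs from a data directory')
        if ext not in EXEC_EXT:
            e.reasons.append('extension %r is not an executable type' % ext)
        if len(targets_by_name[e.name]) > 1:
            e.reasons.append('value name reused across hives with different targets')
    return [e for e in entries if e.reasons]


if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print('%s [%s] %s' % (hit.hive, hit.name, hit.target))
        for r in hit.reasons:
            print('    -', r)
```

Run on the constructed sample it reports the two "Multi data" values and "copy bin slow 16" and leaves avgnt, wmdSync, Sidebar and RtHDVCpl alone. A clean log, by this check, is one where `triage()` returns an empty list; the helper's remark that the Lop is still there is exactly the non-empty case.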
OK! Let's clean it all the way. lopR log:

--------------------\\ Lop S&D 4.2.4-7 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : BIOS Date: 06/18/08 21:14:06 Ver: 08.00.12
USER : nikopoekaa ( Administrator )
BOOT : Normal boot
Firewall : COMODO Firewall Pro 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 596 Go Free : 508 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( pe 24.10.2008| 8:55 )

[ UAC => 1 ]

--------------------\\ Listaa hakemistoja sijainnissa Local

[13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Application Data
[13.10.2008|14:10] C:\Users\NIKOPO~1\AppData\Local\ATI
[17.10.2008|15:43] C:\Users\NIKOPO~1\AppData\Local\d3d8caps.dat
[13.10.2008|12:50] C:\Users\NIKOPO~1\AppData\Local\d3d9caps.dat
[22.10.2008|23:16] C:\Users\NIKOPO~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\GDIPFONTCACHEV1.DAT
[23.10.2008|23:12] C:\Users\NIKOPO~1\AppData\Local\IconCache.db
[17.10.2008|22:05] C:\Users\NIKOPO~1\AppData\Local\Microsoft
[13.10.2008|15:10] C:\Users\NIKOPO~1\AppData\Local\Mozilla
[13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Sivuhistoria
[20.10.2008|17:00] C:\Users\NIKOPO~1\AppData\Local\Stardock
[20.10.2008|21:31] C:\Users\NIKOPO~1\AppData\Local\TechSmith
[24.10.2008|08:54] C:\Users\NIKOPO~1\AppData\Local\Temp
[13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Temporary Internet Files
[16.10.2008|17:11] C:\Users\NIKOPO~1\AppData\Local\Thunderbird
[19.10.2008|20:18] C:\Users\NIKOPO~1\AppData\Local\VirtualStore

[5|tiedosto(a)] C:\Users\NIKOPO~1\AppData\Local\tavua
[13|kansio(ta)] C:\Users\NIKOPO~1\AppData\Local\tavua vapaana

--------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks

[24.10.2008 08:51][--ah-----] C:\Windows\tasks\SA.DAT
[23.10.2008 23:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData

[23.10.2008|18:31] C:\ProgramData\AcidBlehBleh.152j5wh
[22.10.2008|21:07] C:\ProgramData\AcidBlehBleh.1jhscz
[23.10.2008|11:45] C:\ProgramData\AcidBlehBleh.2d1y5lw
[23.10.2008|15:11] C:\ProgramData\AcidBlehBleh.2h4wyg
[23.10.2008|14:49] C:\ProgramData\AcidBlehBleh.44tbk
[23.10.2008|09:52] C:\ProgramData\AcidBlehBleh.5ol7qy
[23.10.2008|12:07] C:\ProgramData\AcidBlehBleh.6lzegs
[23.10.2008|17:36] C:\ProgramData\AcidBlehBleh.7v36v8x
[22.10.2008|21:30] C:\ProgramData\AcidBlehBleh.9b2chce
[22.10.2008|21:07] C:\ProgramData\AcidBlehBleh.9zvs4
[22.10.2008|21:52] C:\ProgramData\AcidBlehBleh.adbneb
[23.10.2008|11:15] C:\ProgramData\AcidBlehBleh.aysbk8n
[23.10.2008|12:51] C:\ProgramData\AcidBlehBleh.byo6o
[22.10.2008|22:13] C:\ProgramData\AcidBlehBleh.cw1iw
[22.10.2008|23:04] C:\ProgramData\AcidBlehBleh.eparc
[23.10.2008|16:30] C:\ProgramData\AcidBlehBleh.f11htag
[23.10.2008|16:08] C:\ProgramData\AcidBlehBleh.g1s5bw
[22.10.2008|22:42] C:\ProgramData\AcidBlehBleh.iwsu7
[23.10.2008|14:28] C:\ProgramData\AcidBlehBleh.jojmd3
[23.10.2008|15:47] C:\ProgramData\AcidBlehBleh.mvf4m
[23.10.2008|10:53] C:\ProgramData\AcidBlehBleh.nau4g7n
[23.10.2008|16:52] C:\ProgramData\AcidBlehBleh.odpilq
[23.10.2008|13:13] C:\ProgramData\AcidBlehBleh.qfrzjrz
[23.10.2008|10:31] C:\ProgramData\AcidBlehBleh.scq4u5l
[23.10.2008|17:58] C:\ProgramData\AcidBlehBleh.v5sth
[23.10.2008|13:44] C:\ProgramData\AcidBlehBleh.wb660
[23.10.2008|12:29] C:\ProgramData\AcidBlehBleh.wij9zh
[23.10.2008|14:06] C:\ProgramData\AcidBlehBleh.wjfxdey
[23.10.2008|17:14] C:\ProgramData\AcidBlehBleh.ylvdd8o
[02.11.2006|16:02] C:\ProgramData\Application Data
[13.10.2008|14:10] C:\ProgramData\ATI
[13.10.2008|19:10] C:\ProgramData\Avira
[23.10.2008|21:46] C:\ProgramData\comodo
[22.10.2008|21:08] C:\ProgramData\Comp Burn Blah.sl8qq
[02.11.2006|16:02] C:\ProgramData\Desktop
[02.11.2006|16:02] C:\ProgramData\Documents
[02.11.2006|16:02] C:\ProgramData\Favorites
[17.10.2008|22:12] C:\ProgramData\FLEXnet
[22.10.2008|21:08] C:\ProgramData\Funk manager bolt
[13.10.2008|12:37] C:\ProgramData\Käynnistä-valikko
[13.10.2008|12:37] C:\ProgramData\Mallit
[18.10.2008|21:24] C:\ProgramData\Malwarebytes
[18.10.2008|22:06] C:\ProgramData\Microsoft
[20.10.2008|14:04] C:\ProgramData\ntuser.pol
[21.10.2008|11:03] C:\ProgramData\Protexis
[21.10.2008|11:04] C:\ProgramData\Raxco
[22.10.2008|21:08] C:\ProgramData\Send acid copy bin
[02.11.2006|16:02] C:\ProgramData\Start Menu
[13.10.2008|12:37] C:\ProgramData\Suosikit
[19.10.2008|10:23] C:\ProgramData\SwiftKit
[20.10.2008|21:28] C:\ProgramData\TechSmith
[02.11.2006|16:02] C:\ProgramData\Templates
[13.10.2008|12:37] C:\ProgramData\Tiedostot
[13.10.2008|12:37] C:\ProgramData\Työpöytä
[13.10.2008|12:56] C:\ProgramData\WLInstaller

[31|tiedosto(a)] C:\ProgramData\tavua
[26|kansio(ta)] C:\ProgramData\tavua vapaana

--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

[17.10.2008|23:34] C:\Program Files\Adobe
[19.10.2008|16:49] C:\Program Files\Alcohol Soft
[13.10.2008|17:02] C:\Program Files\ATI
[13.10.2008|14:06] C:\Program Files\ATI Technologies
[13.10.2008|19:10] C:\Program Files\Avira
[23.10.2008|20:14] C:\Program Files\Common Files
[23.10.2008|21:41] C:\Program Files\COMODO
[23.10.2008|13:27] C:\Program Files\DC++
[22.10.2008|17:54] C:\Program Files\DivX
[22.10.2008|21:07] C:\Program Files\Funk manager bolt
[21.10.2008|21:45] C:\Program Files\HyCam2
[13.10.2008|17:10] C:\Program Files\InstallShield Installation Information
[13.10.2008|16:41] C:\Program Files\Intel
[20.10.2008|12:43] C:\Program Files\Internet Explorer
[21.10.2008|16:14] C:\Program Files\Java
[23.10.2008|09:53] C:\Program Files\Malwarebytes' Anti-Malware
[02.11.2006|15:37] C:\Program Files\Microsoft Games
[23.10.2008|13:43] C:\Program Files\mIRC
[21.01.2008|05:35] C:\Program Files\Movie Maker
[23.10.2008|21:52] C:\Program Files\Mozilla Firefox
[22.10.2008|17:53] C:\Program Files\Mozilla Thunderbird
[02.11.2006|15:37] C:\Program Files\MSBuild
[13.10.2008|17:47] C:\Program Files\PC Wizard 2008
[21.10.2008|11:04] C:\Program Files\Raxco
[13.10.2008|17:03] C:\Program Files\Realtek
[02.11.2006|15:37] C:\Program Files\Reference Assemblies
[21.10.2008|16:15] C:\Program Files\Sun
[22.10.2008|22:14] C:\Program Files\SwiftKit
[20.10.2008|21:27] C:\Program Files\TechSmith
[20.10.2008|17:23] C:\Program Files\Thoosje Vista Sidebar
[18.10.2008|10:48] C:\Program Files\Trend Micro
[02.11.2006|16:01] C:\Program Files\Uninstall Information
[13.10.2008|20:05] C:\Program Files\uTorrent
[16.10.2008|16:44] C:\Program Files\Winamp
[21.01.2008|05:35] C:\Program Files\Windows Calendar
[21.01.2008|05:35] C:\Program Files\Windows Collaboration
[21.01.2008|05:35] C:\Program Files\Windows Defender
[21.01.2008|05:35] C:\Program Files\Windows Journal
[13.10.2008|13:12] C:\Program Files\Windows Live
[16.10.2008|22:00] C:\Program Files\Windows Mail
[21.01.2008|05:35] C:\Program Files\Windows Media Player
[13.10.2008|12:37] C:\Program Files\Windows NT
[21.01.2008|05:35] C:\Program Files\Windows Photo Gallery
[21.01.2008|05:35] C:\Program Files\Windows Sidebar
[19.10.2008|22:27] C:\Program Files\WinRAR

[0|tiedosto(a)] C:\Program Files\tavua
[47|kansio(ta)] C:\Program Files\tavua vapaana

--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

[17.10.2008|23:34] C:\Program Files\Common Files\Adobe
[13.10.2008|17:02] C:\Program Files\Common Files\InstallShield
[21.10.2008|16:08] C:\Program Files\Common Files\Java
[13.10.2008|12:37] C:\Program Files\Common Files\Järjestelmä [C:\Program Files\Common Files\System]
[17.10.2008|22:09] C:\Program Files\Common Files\Macrovision Shared
[23.10.2008|10:53] C:\Program Files\Common Files\microsoft shared
[22.10.2008|17:53] C:\Program Files\Common Files\PX Storage Engine
[02.11.2006|14:18] C:\Program Files\Common Files\Services
[02.11.2006|14:18] C:\Program Files\Common Files\SpeechEngines
[21.01.2008|05:35] C:\Program Files\Common Files\System
[20.10.2008|21:27] C:\Program Files\Common Files\TechSmith Shared
[13.10.2008|13:12] C:\Program Files\Common Files\WindowsLiveInstaller

[0|tiedosto(a)] C:\Program Files\Common Files\tavua
[14|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

--------------------\\ Process ( 57 Processes )

iexplore.exe ~ [PID:2988]
iexplore.exe ~ [PID:2996]
iexplore.exe ~ [PID:3004]

--------------------\\ Etsii S_Lopilla

C:\ProgramData\AcidBlehBleh.44tbk
C:\ProgramData\AcidBlehBleh.9zvs4
C:\ProgramData\AcidBlehBleh.byo6o
C:\ProgramData\AcidBlehBleh.cw1iw
C:\ProgramData\AcidBlehBleh.eparc
C:\ProgramData\AcidBlehBleh.iwsu7
C:\ProgramData\AcidBlehBleh.mvf4m
C:\ProgramData\AcidBlehBleh.v5sth
C:\ProgramData\AcidBlehBleh.wb660
C:\ProgramData\Comp Burn Blah.sl8qq
C:\ProgramData\AcidBlehBleh.1jhscz
C:\ProgramData\AcidBlehBleh.2h4wyg
C:\ProgramData\AcidBlehBleh.5ol7qy
C:\ProgramData\AcidBlehBleh.6lzegs
C:\ProgramData\AcidBlehBleh.adbneb
C:\ProgramData\AcidBlehBleh.g1s5bw
C:\ProgramData\AcidBlehBleh.jojmd3
C:\ProgramData\AcidBlehBleh.odpilq
C:\ProgramData\AcidBlehBleh.wij9zh
C:\ProgramData\AcidBlehBleh.152j5wh
C:\ProgramData\AcidBlehBleh.2d1y5lw
C:\ProgramData\AcidBlehBleh.7v36v8x
C:\ProgramData\AcidBlehBleh.9b2chce
C:\ProgramData\AcidBlehBleh.aysbk8n
C:\ProgramData\AcidBlehBleh.f11htag
C:\ProgramData\AcidBlehBleh.nau4g7n
C:\ProgramData\AcidBlehBleh.qfrzjrz
C:\ProgramData\AcidBlehBleh.scq4u5l
C:\ProgramData\AcidBlehBleh.wjfxdey
C:\ProgramData\AcidBlehBleh.ylvdd8o
C:\ProgramData\FUNKMA~1
C:\ProgramData\FUNKMA~1\tray readme.exe
C:\ProgramData\FUNKMA~1\vxaqbfzi.exe

--------------------\\ Etsii Lopin tiedostoja ja kansioita

C:\ProgramData\Send acid copy bin
C:\ProgramData\Send acid copy bin\htm cake.exe
C:\Users\NIKOPO~1\AppData\Local\Temp\nsf9E79.tmp
C:\Users\NIKOPO~1\AppData\Local\Temp\nsq7EA6.tmp
C:\Users\NIKOPO~1\AppData\Local\Temp\nsxD879.tmp
C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@www.adserver5[1].txt
C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@advertising[2].txt
C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@partypoker[2].txt

--------------------\\ Etsii rekisterikohteita

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Meal Audio]
"DisplayName"="CiD Help"
"UninstallString"="C:\\PROGRA~2\\FUNKMA~1\\tray readme.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi data"="\"C:\\ProgramData\\AcidBlehBleh.152j5wh\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Multi data"="\"C:\\ProgramData\\AcidBlehBleh.v5sth\""
"copy bin slow 16"="\"C:\\ProgramData\\Comp Burn Blah.sl8qq\""

--------------------\\ Tarkistaa Hosts-tiedostoa

Hosts-tiedosto PUHDAS

--------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 08:55:49
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Tarkistaa muita infektioita

--------------------\\ Cracks & Keygens ..

C:\Users\NIKOPO~1\AppData\Roaming\uTorrent\Camtasia Studio 5.0.2 Full + Crack Patch.torrent
C:\Users\NIKOPO~1\Downloads\Camtasia Studio 5.0.2 Full + Crack Patch
C:\Users\NIKOPO~1\Downloads\Camtasia Studio 5.0.2 Full + Crack Patch\camtasia.msi
C:\Users\NIKOPO~1\Downloads\Camtasia Studio 5.0.2 Full + Crack Patch\Patch.exe
C:\Users\NIKOPO~1\Downloads\Camtasia Studio 5.0.2 Full + Crack Patch\Read Me.txt

[F:24][D:25]-> C:\Users\NIKOPO~1\AppData\Local\Temp
[F:32][D:1]-> C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:154][D:4]-> C:\Users\NIKOPO~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - pe 24.10.2008| 8:56 - Option : [1]

--------------------\\ Tarkistus valmistui 8:56:14

[ UAC => 1 ]

EDIT: Would it be advisable to remove that Camtasia Studio, since I don't do anything with it and it has bugs in it =P
EDIT2: IE has started opening ad pages again.
EDIT3: Why does iexplorer show up in the processes even though I don't even use it??
Go ahead and remove it, and those IE processes are running all the time because of that critter.

Start Lop S&D
Select Option 3 (Fix - Hosts) by pressing 3 and Enter
DO NOT close the window during the fix!
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
--------------------\\ Lop S&D 4.2.4-7 XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz ) BIOS : BIOS Date: 06/18/08 21:14:06 Ver: 08.00.12 USER : nikopoekaa ( Administrator ) BOOT : Normal boot Firewall : COMODO Firewall Pro 3.0 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total : 596 Go Free : 508 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 23-10-2008|23:15 ) Option : [3] ( pe 24.10.2008|17:04 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa Poistettu! - C:\ProgramData\Send acid copy bin\htm cake.exe Poistettu! - C:\Users\NIKOPO~1\AppData\Local\Temp\nsf9E79.tmp Poistettu! - C:\Users\NIKOPO~1\AppData\Local\Temp\nsq7EA6.tmp Poistettu! - C:\Users\NIKOPO~1\AppData\Local\Temp\nsxD879.tmp Poistettu! - C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@www.adserver5[1].txt Poistettu! - C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@advertising[2].txt Poistettu! - C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies\nikopoekaa@partypoker[2].txt Poistettu! - C:\ProgramData\AcidBlehBleh.44tbk Poistettu! - C:\ProgramData\AcidBlehBleh.9zvs4 Poistettu! - C:\ProgramData\AcidBlehBleh.byo6o Poistettu! - C:\ProgramData\AcidBlehBleh.cw1iw Poistettu! - C:\ProgramData\AcidBlehBleh.eparc Poistettu! - C:\ProgramData\AcidBlehBleh.iwsu7 Poistettu! - C:\ProgramData\AcidBlehBleh.mvf4m Poistettu! - C:\ProgramData\AcidBlehBleh.v5sth Poistettu! - C:\ProgramData\AcidBlehBleh.wb660 Poistettu! - C:\ProgramData\Comp Burn Blah.sl8qq Poistettu! - C:\ProgramData\AcidBlehBleh.1jhscz Poistettu! - C:\ProgramData\AcidBlehBleh.2h4wyg Poistettu! - C:\ProgramData\AcidBlehBleh.5ol7qy Poistettu! - C:\ProgramData\AcidBlehBleh.6lzegs Poistettu! - C:\ProgramData\AcidBlehBleh.adbneb Poistettu! - C:\ProgramData\AcidBlehBleh.g1s5bw Poistettu! - C:\ProgramData\AcidBlehBleh.jojmd3 Poistettu! - C:\ProgramData\AcidBlehBleh.odpilq Poistettu! 
- C:\ProgramData\AcidBlehBleh.wij9zh Poistettu! - C:\ProgramData\AcidBlehBleh.152j5wh Poistettu! - C:\ProgramData\AcidBlehBleh.2d1y5lw Poistettu! - C:\ProgramData\AcidBlehBleh.7v36v8x Poistettu! - C:\ProgramData\AcidBlehBleh.9b2chce Poistettu! - C:\ProgramData\AcidBlehBleh.aysbk8n Poistettu! - C:\ProgramData\AcidBlehBleh.f11htag Poistettu! - C:\ProgramData\AcidBlehBleh.nau4g7n Poistettu! - C:\ProgramData\AcidBlehBleh.qfrzjrz Poistettu! - C:\ProgramData\AcidBlehBleh.scq4u5l Poistettu! - C:\ProgramData\AcidBlehBleh.wjfxdey Poistettu! - C:\ProgramData\AcidBlehBleh.ylvdd8o Epoonnistui ! - C:\ProgramData\FUNKMA~1\tray readme.exe Poistettu! - C:\ProgramData\FUNKMA~1\vxaqbfzi.exe Poistettu! - C:\ProgramData\Send acid copy bin Epoonnistui ! - C:\ProgramData\FUNKMA~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Toinen vaihe Epoonnistui ! - C:\ProgramData\FUNKMA~1\tray readme.exe Epoonnistui ! - C:\ProgramData\FUNKMA~1 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listaa hakemistoja sijainnissa Local [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Application Data [13.10.2008|14:10] C:\Users\NIKOPO~1\AppData\Local\ATI [17.10.2008|15:43] C:\Users\NIKOPO~1\AppData\Local\d3d8caps.dat [13.10.2008|12:50] C:\Users\NIKOPO~1\AppData\Local\d3d9caps.dat [22.10.2008|23:16] C:\Users\NIKOPO~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\GDIPFONTCACHEV1.DAT [24.10.2008|10:04] C:\Users\NIKOPO~1\AppData\Local\IconCache.db [17.10.2008|22:05] C:\Users\NIKOPO~1\AppData\Local\Microsoft [13.10.2008|15:10] C:\Users\NIKOPO~1\AppData\Local\Mozilla [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Sivuhistoria [20.10.2008|17:00] C:\Users\NIKOPO~1\AppData\Local\Stardock [20.10.2008|21:31] C:\Users\NIKOPO~1\AppData\Local\TechSmith [24.10.2008|17:04] C:\Users\NIKOPO~1\AppData\Local\Temp [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Temporary Internet Files [16.10.2008|17:11] C:\Users\NIKOPO~1\AppData\Local\Thunderbird [19.10.2008|20:18] 
C:\Users\NIKOPO~1\AppData\Local\VirtualStore [5|tiedosto(a)] C:\Users\NIKOPO~1\AppData\Local\tavua [13|kansio(ta)] C:\Users\NIKOPO~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks [24.10.2008 16:48][--ah-----] C:\Windows\tasks\SA.DAT [24.10.2008 10:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData [02.11.2006|16:02] C:\ProgramData\Application Data [13.10.2008|14:10] C:\ProgramData\ATI [13.10.2008|19:10] C:\ProgramData\Avira [23.10.2008|21:46] C:\ProgramData\comodo [02.11.2006|16:02] C:\ProgramData\Desktop [02.11.2006|16:02] C:\ProgramData\Documents [02.11.2006|16:02] C:\ProgramData\Favorites [17.10.2008|22:12] C:\ProgramData\FLEXnet [24.10.2008|17:04] C:\ProgramData\Funk manager bolt [13.10.2008|12:37] C:\ProgramData\K„ynnist„-valikko [13.10.2008|12:37] C:\ProgramData\Mallit [18.10.2008|21:24] C:\ProgramData\Malwarebytes [18.10.2008|22:06] C:\ProgramData\Microsoft [20.10.2008|14:04] C:\ProgramData\ntuser.pol [21.10.2008|11:03] C:\ProgramData\Protexis [21.10.2008|11:04] C:\ProgramData\Raxco [02.11.2006|16:02] C:\ProgramData\Start Menu [13.10.2008|12:37] C:\ProgramData\Suosikit [19.10.2008|10:23] C:\ProgramData\SwiftKit [02.11.2006|16:02] C:\ProgramData\Templates [13.10.2008|12:37] C:\ProgramData\Tiedostot [13.10.2008|12:37] C:\ProgramData\Ty”p”yt„ [13.10.2008|12:56] C:\ProgramData\WLInstaller [1|tiedosto(a)] C:\ProgramData\tavua [24|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [17.10.2008|23:34] C:\Program Files\Adobe [19.10.2008|16:49] C:\Program Files\Alcohol Soft [13.10.2008|17:02] C:\Program Files\ATI [13.10.2008|14:06] C:\Program Files\ATI Technologies [13.10.2008|19:10] C:\Program Files\Avira [24.10.2008|17:01] C:\Program Files\Common Files [23.10.2008|21:41] C:\Program Files\COMODO [23.10.2008|13:27] C:\Program Files\DC++ [22.10.2008|17:54] C:\Program Files\DivX [22.10.2008|21:07] 
C:\Program Files\Funk manager bolt [21.10.2008|21:45] C:\Program Files\HyCam2 [13.10.2008|17:10] C:\Program Files\InstallShield Installation Information [13.10.2008|16:41] C:\Program Files\Intel [20.10.2008|12:43] C:\Program Files\Internet Explorer [21.10.2008|16:14] C:\Program Files\Java [23.10.2008|09:53] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|15:37] C:\Program Files\Microsoft Games [23.10.2008|13:43] C:\Program Files\mIRC [21.01.2008|05:35] C:\Program Files\Movie Maker [23.10.2008|21:52] C:\Program Files\Mozilla Firefox [22.10.2008|17:53] C:\Program Files\Mozilla Thunderbird [02.11.2006|15:37] C:\Program Files\MSBuild [13.10.2008|17:47] C:\Program Files\PC Wizard 2008 [21.10.2008|11:04] C:\Program Files\Raxco [13.10.2008|17:03] C:\Program Files\Realtek [02.11.2006|15:37] C:\Program Files\Reference Assemblies [21.10.2008|16:15] C:\Program Files\Sun [22.10.2008|22:14] C:\Program Files\SwiftKit [20.10.2008|21:27] C:\Program Files\TechSmith [20.10.2008|17:23] C:\Program Files\Thoosje Vista Sidebar [18.10.2008|10:48] C:\Program Files\Trend Micro [02.11.2006|16:01] C:\Program Files\Uninstall Information [13.10.2008|20:05] C:\Program Files\uTorrent [16.10.2008|16:44] C:\Program Files\Winamp [21.01.2008|05:35] C:\Program Files\Windows Calendar [21.01.2008|05:35] C:\Program Files\Windows Collaboration [21.01.2008|05:35] C:\Program Files\Windows Defender [21.01.2008|05:35] C:\Program Files\Windows Journal [13.10.2008|13:12] C:\Program Files\Windows Live [16.10.2008|22:00] C:\Program Files\Windows Mail [21.01.2008|05:35] C:\Program Files\Windows Media Player [13.10.2008|12:37] C:\Program Files\Windows NT [21.01.2008|05:35] C:\Program Files\Windows Photo Gallery [21.01.2008|05:35] C:\Program Files\Windows Sidebar [19.10.2008|22:27] C:\Program Files\WinRAR [0|tiedosto(a)] C:\Program Files\tavua [47|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [17.10.2008|23:34] C:\Program 
Files\Common Files\Adobe [13.10.2008|17:02] C:\Program Files\Common Files\InstallShield [21.10.2008|16:08] C:\Program Files\Common Files\Java [13.10.2008|12:37] C:\Program Files\Common Files\J„rjestelm„ [C:\Program Files\Common Files\System] [17.10.2008|22:09] C:\Program Files\Common Files\Macrovision Shared [23.10.2008|10:53] C:\Program Files\Common Files\microsoft shared [22.10.2008|17:53] C:\Program Files\Common Files\PX Storage Engine [02.11.2006|14:18] C:\Program Files\Common Files\Services [02.11.2006|14:18] C:\Program Files\Common Files\SpeechEngines [21.01.2008|05:35] C:\Program Files\Common Files\System [13.10.2008|13:12] C:\Program Files\Common Files\WindowsLiveInstaller [0|tiedosto(a)] C:\Program Files\Common Files\tavua [13|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 57 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-24 17:05:05 Windows 6.0.6001 Service Pack 1 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Tarkistaa muita infektioita --------------------\\ Cracks & Keygens .. 
C:\Users\NIKOPO~1\AppData\Roaming\uTorrent\Camtasia Studio 5.0.2 Full + Crack Patch.torrent [F:25][D:23]-> C:\Users\NIKOPO~1\AppData\Local\Temp [F:35][D:1]-> C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:159][D:4]-> C:\Users\NIKOPO~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:4][D:3]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - pe 24.10.2008| 8:56 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - pe 24.10.2008|17:05 - Option : [3] --------------------\\ Tarkistus valmistui 17:05:30 [ UAC => 1 ]
Looks like something from Camtasia is still left in there.
BTW, my own machine had exactly that virus that opens Russian porn sites... MBAM: C:/Google Inc (or similar)/Isass or svchost.exe <--- that's where it was; it was running, and nothing but MBAM was needed, and the porn pop-ups were gone. If Norman is even a week old, you should definitely install something like Avira. It has kept my own machine perfectly clean too.
--------------------\\ Lop S&D 4.2.4-7 XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz ) BIOS : BIOS Date: 06/18/08 21:14:06 Ver: 08.00.12 USER : nikopoekaa ( Administrator ) BOOT : Normal boot Firewall : COMODO Firewall Pro 3.0 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total : 596 Go Free : 504 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 23-10-2008|23:15 ) Option : [1] ( pe 24.10.2008|18:47 ) [ UAC => 1 ] --------------------\\ Listaa hakemistoja sijainnissa Local [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Application Data [13.10.2008|14:10] C:\Users\NIKOPO~1\AppData\Local\ATI [17.10.2008|15:43] C:\Users\NIKOPO~1\AppData\Local\d3d8caps.dat [13.10.2008|12:50] C:\Users\NIKOPO~1\AppData\Local\d3d9caps.dat [22.10.2008|23:16] C:\Users\NIKOPO~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\GDIPFONTCACHEV1.DAT [24.10.2008|10:04] C:\Users\NIKOPO~1\AppData\Local\IconCache.db [17.10.2008|22:05] C:\Users\NIKOPO~1\AppData\Local\Microsoft [13.10.2008|15:10] C:\Users\NIKOPO~1\AppData\Local\Mozilla [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Sivuhistoria [20.10.2008|17:00] C:\Users\NIKOPO~1\AppData\Local\Stardock [20.10.2008|21:31] C:\Users\NIKOPO~1\AppData\Local\TechSmith [24.10.2008|18:46] C:\Users\NIKOPO~1\AppData\Local\Temp [13.10.2008|12:38] C:\Users\NIKOPO~1\AppData\Local\Temporary Internet Files [16.10.2008|17:11] C:\Users\NIKOPO~1\AppData\Local\Thunderbird [19.10.2008|20:18] C:\Users\NIKOPO~1\AppData\Local\VirtualStore [5|tiedosto(a)] C:\Users\NIKOPO~1\AppData\Local\tavua [13|kansio(ta)] C:\Users\NIKOPO~1\AppData\Local\tavua vapaana --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks [24.10.2008 16:48][--ah-----] C:\Windows\tasks\SA.DAT [24.10.2008 10:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData 
[02.11.2006|16:02] C:\ProgramData\Application Data [13.10.2008|14:10] C:\ProgramData\ATI [13.10.2008|19:10] C:\ProgramData\Avira [23.10.2008|21:46] C:\ProgramData\comodo [02.11.2006|16:02] C:\ProgramData\Desktop [02.11.2006|16:02] C:\ProgramData\Documents [02.11.2006|16:02] C:\ProgramData\Favorites [17.10.2008|22:12] C:\ProgramData\FLEXnet [24.10.2008|17:04] C:\ProgramData\Funk manager bolt [13.10.2008|12:37] C:\ProgramData\Käynnistä-valikko [13.10.2008|12:37] C:\ProgramData\Mallit [18.10.2008|21:24] C:\ProgramData\Malwarebytes [18.10.2008|22:06] C:\ProgramData\Microsoft [20.10.2008|14:04] C:\ProgramData\ntuser.pol [21.10.2008|11:03] C:\ProgramData\Protexis [21.10.2008|11:04] C:\ProgramData\Raxco [02.11.2006|16:02] C:\ProgramData\Start Menu [13.10.2008|12:37] C:\ProgramData\Suosikit [19.10.2008|10:23] C:\ProgramData\SwiftKit [02.11.2006|16:02] C:\ProgramData\Templates [13.10.2008|12:37] C:\ProgramData\Tiedostot [13.10.2008|12:37] C:\ProgramData\Työpöytä [13.10.2008|12:56] C:\ProgramData\WLInstaller [1|tiedosto(a)] C:\ProgramData\tavua [24|kansio(ta)] C:\ProgramData\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files [17.10.2008|23:34] C:\Program Files\Adobe [19.10.2008|16:49] C:\Program Files\Alcohol Soft [13.10.2008|17:02] C:\Program Files\ATI [13.10.2008|14:06] C:\Program Files\ATI Technologies [13.10.2008|19:10] C:\Program Files\Avira [24.10.2008|17:01] C:\Program Files\Common Files [23.10.2008|21:41] C:\Program Files\COMODO [23.10.2008|13:27] C:\Program Files\DC++ [22.10.2008|17:54] C:\Program Files\DivX [22.10.2008|21:07] C:\Program Files\Funk manager bolt [21.10.2008|21:45] C:\Program Files\HyCam2 [13.10.2008|17:10] C:\Program Files\InstallShield Installation Information [13.10.2008|16:41] C:\Program Files\Intel [20.10.2008|12:43] C:\Program Files\Internet Explorer [21.10.2008|16:14] C:\Program Files\Java [23.10.2008|09:53] C:\Program Files\Malwarebytes' Anti-Malware [02.11.2006|15:37] C:\Program Files\Microsoft Games 
[23.10.2008|13:43] C:\Program Files\mIRC [21.01.2008|05:35] C:\Program Files\Movie Maker [23.10.2008|21:52] C:\Program Files\Mozilla Firefox [22.10.2008|17:53] C:\Program Files\Mozilla Thunderbird [02.11.2006|15:37] C:\Program Files\MSBuild [13.10.2008|17:47] C:\Program Files\PC Wizard 2008 [21.10.2008|11:04] C:\Program Files\Raxco [13.10.2008|17:03] C:\Program Files\Realtek [02.11.2006|15:37] C:\Program Files\Reference Assemblies [21.10.2008|16:15] C:\Program Files\Sun [22.10.2008|22:14] C:\Program Files\SwiftKit [20.10.2008|21:27] C:\Program Files\TechSmith [20.10.2008|17:23] C:\Program Files\Thoosje Vista Sidebar [18.10.2008|10:48] C:\Program Files\Trend Micro [02.11.2006|16:01] C:\Program Files\Uninstall Information [13.10.2008|20:05] C:\Program Files\uTorrent [16.10.2008|16:44] C:\Program Files\Winamp [21.01.2008|05:35] C:\Program Files\Windows Calendar [21.01.2008|05:35] C:\Program Files\Windows Collaboration [21.01.2008|05:35] C:\Program Files\Windows Defender [21.01.2008|05:35] C:\Program Files\Windows Journal [13.10.2008|13:12] C:\Program Files\Windows Live [16.10.2008|22:00] C:\Program Files\Windows Mail [21.01.2008|05:35] C:\Program Files\Windows Media Player [13.10.2008|12:37] C:\Program Files\Windows NT [21.01.2008|05:35] C:\Program Files\Windows Photo Gallery [21.01.2008|05:35] C:\Program Files\Windows Sidebar [19.10.2008|22:27] C:\Program Files\WinRAR [0|tiedosto(a)] C:\Program Files\tavua [47|kansio(ta)] C:\Program Files\tavua vapaana --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files [17.10.2008|23:34] C:\Program Files\Common Files\Adobe [13.10.2008|17:02] C:\Program Files\Common Files\InstallShield [21.10.2008|16:08] C:\Program Files\Common Files\Java [13.10.2008|12:37] C:\Program Files\Common Files\Järjestelmä [C:\Program Files\Common Files\System] [17.10.2008|22:09] C:\Program Files\Common Files\Macrovision Shared [23.10.2008|10:53] C:\Program Files\Common Files\microsoft shared [22.10.2008|17:53] C:\Program 
Files\Common Files\PX Storage Engine [02.11.2006|14:18] C:\Program Files\Common Files\Services [02.11.2006|14:18] C:\Program Files\Common Files\SpeechEngines [21.01.2008|05:35] C:\Program Files\Common Files\System [13.10.2008|13:12] C:\Program Files\Common Files\WindowsLiveInstaller [0|tiedosto(a)] C:\Program Files\Common Files\tavua [13|kansio(ta)] C:\Program Files\Common Files\tavua vapaana --------------------\\ Process ( 55 Processes ) ... OK ! --------------------\\ Etsii S_Lopilla Lopin kansioita ei löytynyt ! --------------------\\ Etsii Lopin tiedostoja ja kansioita Lopin kansioita ei löytynyt ! --------------------\\ Etsii rekisterikohteita ..... OK ! --------------------\\ Tarkistaa Hosts-tiedostoa Hosts-tiedosto PUHDAS --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-24 18:47:43 Windows 6.0.6001 Service Pack 1 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Tarkistaa muita infektioita Muita infektiota ei löytynyt ! 
[F:30][D:24]-> C:\Users\NIKOPO~1\AppData\Local\Temp [F:37][D:1]-> C:\Users\NIKOPO~1\AppData\Roaming\MICROS~1\Windows\Cookies [F:188][D:4]-> C:\Users\NIKOPO~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:6][D:3]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - pe 24.10.2008| 8:56 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - pe 24.10.2008|17:05 - Option : [3] 3 - "C:\Lop SD\LopR_3.txt" - pe 24.10.2008|18:46 - Option : [1] 4 - "C:\Lop SD\LopR_4.txt" - pe 24.10.2008|18:48 - Option : [1] --------------------\\ Tarkistus valmistui 18:48:06 [ UAC => 1 ]
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:37, on 23.10.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\SwiftKit\SwiftKit.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth" O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq" O4 - HKCU\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.152j5wh" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: 
C:\Windows\system32\guard32.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 4481 bytes
Start HijackThis as administrator. (Right-click the icon and choose Run as administrator.) Click Do system scan only and check the following lines.
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKCU\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.152j5wh"
Finally click Fix checked.
Delete the following files/folders if they exist.
C:\ProgramData\AcidBlehBleh.v5sth
C:\ProgramData\Comp Burn Blah.sl8qq
C:\ProgramData\AcidBlehBleh.152j5wh
Empty the Recycle Bin.
Download CCleaner from here
- During installation, untick the box "Install Yahoo! toolbar".
- After installation, open CCleaner.
- From the left-hand column select Options.
- From the adjacent column select Settings.
- Under Language choose Suomi (Finnish).
- Start CCleaner.
- Select Options.
- Click Advanced.
- Untick "Only delete files in Windows Temp folders older than 48 hours".
Cleaner
- From the left-hand column select Cleaner.
- At the bottom click Analyze. CCleaner now analyzes what can be removed (temp files, cookies etc.).
- When the analysis is finished, click Run Cleaner. CCleaner now removes the temp files, cookies etc. it found.
Fixing registry errors
- From the left-hand column select Registry.
- At the bottom click Scan for Issues.
- When the scan is finished and you are sure you want to fix the rows that are checked, click Fix selected issues.
- You will be asked "Do you want to backup changes to the registry?"; click Yes. Save the backup in, for example, the "My Documents" folder.
- In the window that opens, click Fix All Selected Issues.
- You will get one more confirmation prompt; click OK.
- When the issues are fixed, click Close.
You can now close CCleaner by clicking the red X at the top right.
Scan your computer with Kaspersky Online Scanner
* Read through the requirements and privacy statement and click Accept.
* The download of the scanner and virus database begins. You will be asked whether you allow the program from Kaspersky to be installed. Click Run.
* When the download is complete, click Settings.
* Make sure the following items are selected. If they are not, select them and click Save: Spyware, Adware, Dialers, and other potentially dangerous programs; Archives; Mail databases
* Click My Computer under the Scan section.
* When the scan is complete, the results are shown. Click View Scan Report.
* You will see a list of infected items. Click Save Report As....
* Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
* Copy and paste the contents of the file into your next reply together with a new HijackThis log.
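The three O4 entries the helper singles out above share two properties a responder can check mechanically rather than by eye: the launched file sits directly in C:\ProgramData, a user-writable data folder where installers rarely place an autorun target, and it carries an extension Windows would not normally launch from a Run key. The Python script below is an added example, not part of this thread and not HijackThis code. It parses the O4 lines quoted in the thread (embedded here as constructed sample input taken from the 23.10.2008 log and the 24.10.2008 log posted after the fix), flags entries matching those two heuristics, and diffs the two logs to confirm which autorun targets disappeared. The KNOWN_EXEC_EXTS and DATA_DIRS sets are my own assumptions, not something HijackThis defines.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: O4 lines copied from the two HijackThis logs in this
# thread (23.10.2008 before the fix, 24.10.2008 after). Raw strings keep the backslashes.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.v5sth"
O4 - HKLM\..\Run: [copy bin slow 16] "C:\ProgramData\Comp Burn Blah.sl8qq"
O4 - HKCU\..\Run: [Multi data] "C:\ProgramData\AcidBlehBleh.152j5wh"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Assumed: extensions Windows normally launches from a Run value; anything else is worth a look.
KNOWN_EXEC_EXTS = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Assumed: writable data directories where an installer rarely drops an autorun target.
DATA_DIRS = {r"c:\programdata", r"c:\users\public"}


@dataclass
class AutorunEntry:
    hive: str
    name: str
    target: str
    reasons: List[str]

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_target(cmd: str) -> str:
    """Return the file a Run value launches, dropping arguments and the '(User ...)' note."""
    cmd = USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first extension followed by whitespace or end of line,
    # which keeps spaces inside the path ("%ProgramFiles%\Windows Sidebar\Sidebar.exe").
    m = re.match(r"(.+?\.\w+)(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def assess(target: str) -> List[str]:
    """Heuristics that encode what the helper flagged by eye in the posted log."""
    reasons = []
    directory, filename = ntpath.split(target)  # ntpath: Windows paths parse correctly on any OS
    ext = ntpath.splitext(filename)[1].lower()
    if ext not in KNOWN_EXEC_EXTS:
        reasons.append(f"non-executable extension {ext or '(none)'}")
    if directory.lower().rstrip("\\") in DATA_DIRS:
        reasons.append(f"target in data directory {directory}")
    return reasons


def parse_o4(log: str) -> List[AutorunEntry]:
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (R0, O2, O23, ...) are ignored here
        target = extract_target(m.group("cmd"))
        entries.append(AutorunEntry(m.group("hive"), m.group("name"), target, assess(target)))
    return entries


def suspicious_targets(log: str) -> List[str]:
    return [e.target for e in parse_o4(log) if e.suspicious]


def removed_between(before: str, after: str) -> List[str]:
    """Autorun targets present in the earlier log but gone from the later one."""
    after_targets = {e.target for e in parse_o4(after)}
    return [e.target for e in parse_o4(before) if e.target not in after_targets]


if __name__ == "__main__":
    for e in parse_o4(LOG_BEFORE):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{flag:10} {e.hive:<14} [{e.name}] {e.target}  {'; '.join(e.reasons)}")
    print("Gone after fix:", removed_between(LOG_BEFORE, LOG_AFTER))
```

Run it as a script to see the per-entry verdicts; the three ProgramData entries are the only ones flagged, and removed_between reports exactly those three as gone from the later log, which is the confirmation the helper asks for when requesting a fresh HijackThis log after Fix checked. The heuristics deliberately stay narrow (extension and directory), so a legitimate program in Program Files with an ordinary .exe never trips them; widen DATA_DIRS to other user-writable locations if a log shows autoruns from Temp or AppData.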
I get this kind of error message when I close a program called SwiftKit. http://img370.imageshack.us/img370/8131/javary7.jpg Kaspersky is scanning atm. Those items to fix were no longer found... new log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:16, on 24.10.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\DC++\DCPlusPlus.exe C:\Program Files\SwiftKit\SwiftKit.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\mobsync.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\system32\notepad.exe C:\Users\nikopoekaa\Links\CCleaner\CCleaner.exe C:\Program Files\SwiftKit\SwiftKit.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler 
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 4881 bytes
Comodo Firewall keeps asking every now and then, for example like this: mozilla firefox---->dwmapi.dl <- what is that? =O It asks about that dwmapi.dl quite often.
Did you scan with that Kaspersky? dwmapi.dl: from what I just read on the Comodo forum, it seems to be some Comodo bug, so update it if an update is available. Is that SwiftKit the latest version?
Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to select English as the language and click Select.
* Click Remove Older Versions to remove old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
* The log file opens. Post its contents in your next message.
After that, download and install Java Runtime Environment (JRE) 6 Update 10.