Toisen Kaverin HJT-logi - lisää tarkastettavaa

De_Nitro · Aug 19, 2008

Juuh, tämä on TOISEN kaverin logi (syy, miksi postaan niitä, on se... että mulla on aD:ssä tunnukset ). Kaveri kertoi, että hänen tausta kuvansa vaihtui, kuten Steam keskustelusta otettu: "sellane sininen tausta ja sitte siinä on keltasella pohjalla että warning spyware detected on your compute! ja sinisel siinä alla että install an antivirus or spyware remover to clean your computer." . Pitemmittä puheitta, logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:04, on 19.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\a.exe
C:\DOCUME~1\Matti\LOCALS~1\Temp\fbehecfa.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\pelejä\ohjelmia\nää jokku virus jutut\hijackthis_v2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EA2BCA5-F5F4-4D0D-BAF4-6F95624CE6AD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2C04DE5-64DF-4AAA-9C73-5E51F3C36E36} - (no file)
O2 - BHO: (no name) - {ADCA3B29-4990-45F0-9D44-8EA66A29F77F} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E8D69F0A-98B2-46FF-880C-680869609F9B} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphc1rmj0ea25] C:\WINDOWS\system32\lphc1rmj0ea25.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.suomi24.fi/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127132756512
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142344915265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - https://webmail.dnainternet.net/graphics/mime_text.gif

--
End of file - 9347 bytes

Apua taasen kaivataan.

Hujo · Aug 19, 2008

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {4EA2BCA5-F5F4-4D0D-BAF4-6F95624CE6AD} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2C04DE5-64DF-4AAA-9C73-5E51F3C36E36} - (no file)
O2 - BHO: (no name) - {ADCA3B29-4990-45F0-9D44-8EA66A29F77F} - (no file)
O2 - BHO: (no name) - {E8D69F0A-98B2-46FF-880C-680869609F9B} - (no file)
O4 - HKLM\..\Run: [lphc1rmj0ea25] C:\WINDOWS\system32\lphc1rmj0ea25.exe
O24 - Desktop Component 0: (no name) - https://webmail.dnainternet.net/graphics/mime_text.gif

================

Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita ponnahtava rapport – muistion sisältö viestiketjuusi.
Löytyy myös C:\rapport.txt

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat
(AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja.
A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä,
silloin ne saattavat varoittaa käyttäjää.

De_Nitro · Aug 19, 2008

Tarkastus tehty ja tässä logi:

SmitFraudFix v2.338

Scan done at 22:01:52,23, ti 19.08.2008
Run from C:\Documents and Settings\Matti\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\a.exe
C:\DOCUME~1\Matti\LOCALS~1\Temp\fbehecfa.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matti

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matti\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Matti\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 212.86.0.5
DNS Server Search Order: 212.86.0.6

Description: VIA Compatable Fast Ethernet Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{00696560-1710-4F11-B891-0D8FA8A3F0D1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A2FCDDD-E2F8-446E-AFFE-AECE73606D97}: DhcpNameServer=212.86.0.5 212.86.0.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{00696560-1710-4F11-B891-0D8FA8A3F0D1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{00696560-1710-4F11-B891-0D8FA8A3F0D1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A2FCDDD-E2F8-446E-AFFE-AECE73606D97}: DhcpNameServer=212.86.0.5 212.86.0.6
HKLM\SYSTEM\CS3\Services\Tcpip\..\{00696560-1710-4F11-B891-0D8FA8A3F0D1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A2FCDDD-E2F8-446E-AFFE-AECE73606D97}: DhcpNameServer=212.86.0.5 212.86.0.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.86.0.5 212.86.0.6
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.86.0.5 212.86.0.6
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.86.0.5 212.86.0.6

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Hujo · Aug 19, 2008

Printtaa ohjeet ulos

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

==============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

Hujo · Aug 20, 2008

Tuo ajoon Malwarebytes' Anti-Malware

De_Nitro · Aug 21, 2008

Ups, noh, tässä on sitten:

Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1062
Windows 5.1.2600 Service Pack 3

7:24:26 21.8.2008
mbam-log-08-21-2008 (07-24-26).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 258118
Kulunut aika: 2 hour(s), 25 minute(s), 23 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 10

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\setup.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\mservice.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matti\setup.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\bot.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc1rmj0ea25.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc1rmj0ea25.0xe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc1rmj0ea25.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Omistaja\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Omistaja\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Hujo · Aug 22, 2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

De_Nitro · Aug 22, 2008

Tässä combofix:

ComboFix 08-08-21.02 - Matti 2008-08-22 16:36:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.162 [GMT 3:00]
Running from: C:\Documents and Settings\Matti\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\abklmcia.ini
C:\WINDOWS\system32\agsqwimn.ini
C:\WINDOWS\system32\ajhklnjg.ini
C:\WINDOWS\system32\atjekmqx.ini
C:\WINDOWS\system32\awfinivu.ini
C:\WINDOWS\system32\ayhgmmpq.ini
C:\WINDOWS\system32\ayjptyqc.ini
C:\WINDOWS\system32\bawcfppm.ini
C:\WINDOWS\system32\bftvfjrp.ini
C:\WINDOWS\system32\bfyugduq.ini
C:\WINDOWS\system32\biwprvke.ini
C:\WINDOWS\system32\broknptk.ini
C:\WINDOWS\system32\btcbiwtg.ini
C:\WINDOWS\system32\bunogqmo.ini
C:\WINDOWS\system32\ccswhymw.ini
C:\WINDOWS\system32\ceydwgbk.ini
C:\WINDOWS\system32\chirbpsg.ini
C:\WINDOWS\system32\cqjbwmsc.ini
C:\WINDOWS\system32\cvxscwxm.ini
C:\WINDOWS\system32\cxnewxbx.ini
C:\WINDOWS\system32\cypffklk.ini
C:\WINDOWS\system32\dfdpogyq.ini
C:\WINDOWS\system32\dgdfujvn.ini
C:\WINDOWS\system32\dinkpwmf.ini
C:\WINDOWS\system32\dsrjsemj.ini
C:\WINDOWS\system32\dxmuosps.ini
C:\WINDOWS\system32\dyhagcgf.ini
C:\WINDOWS\system32\ebxatnib.ini
C:\WINDOWS\system32\emndrfyr.ini
C:\WINDOWS\system32\emvluvsk.ini
C:\WINDOWS\system32\enbuodac.ini
C:\WINDOWS\system32\eyggfwff.ini
C:\WINDOWS\system32\eyrtqlns.ini
C:\WINDOWS\system32\eytyladc.ini
C:\WINDOWS\system32\fbpbgxor.ini
C:\WINDOWS\system32\flmnrkfd.ini
C:\WINDOWS\system32\fqaxhkcm.ini
C:\WINDOWS\system32\fupqyxlv.ini
C:\WINDOWS\system32\fvruqdwf.ini
C:\WINDOWS\system32\fyovsrix.ini
C:\WINDOWS\system32\gadrrdqr.ini
C:\WINDOWS\system32\gbfawsfx.ini
C:\WINDOWS\system32\gdcweqls.ini
C:\WINDOWS\system32\gfmanasp.ini
C:\WINDOWS\system32\gfqchmpa.ini
C:\WINDOWS\system32\gssumbuc.ini
C:\WINDOWS\system32\gtahsala.ini
C:\WINDOWS\system32\gularffs.ini
C:\WINDOWS\system32\gulwgfri.ini
C:\WINDOWS\system32\hasuvrbu.ini
C:\WINDOWS\system32\hbejnbee.ini
C:\WINDOWS\system32\hbwiihqq.ini
C:\WINDOWS\system32\hceaarpo.ini
C:\WINDOWS\system32\hdcdygsr.ini
C:\WINDOWS\system32\hddkltpb.ini
C:\WINDOWS\system32\hnymmftt.ini
C:\WINDOWS\system32\hoydvakb.ini
C:\WINDOWS\system32\hujlscsb.ini
C:\WINDOWS\system32\imporkye.ini
C:\WINDOWS\system32\ioqxhmhk.ini
C:\WINDOWS\system32\iosmechb.ini
C:\WINDOWS\system32\itypswin.ini
C:\WINDOWS\system32\iuuajorv.ini
C:\WINDOWS\system32\jfblpxmh.ini
C:\WINDOWS\system32\jhjsciqh.ini
C:\WINDOWS\system32\jjpmggml.ini
C:\WINDOWS\system32\jodbgpaq.ini
C:\WINDOWS\system32\jpvlbsts.ini
C:\WINDOWS\system32\jshgyfql.ini
C:\WINDOWS\system32\jtiagejh.ini
C:\WINDOWS\system32\kbkbbvho.ini
C:\WINDOWS\system32\kvcyhagw.ini
C:\WINDOWS\system32\lbsfexns.ini
C:\WINDOWS\system32\lgikfoha.ini
C:\WINDOWS\system32\lgpdbomb.ini
C:\WINDOWS\system32\lirxvtad.ini
C:\WINDOWS\system32\lntpyvmv.ini
C:\WINDOWS\system32\lonnejud.ini
C:\WINDOWS\system32\lrtboqsx.ini
C:\WINDOWS\system32\ltcivism.ini
C:\WINDOWS\system32\lwwdlfqx.ini
C:\WINDOWS\system32\lyktwgla.ini
C:\WINDOWS\system32\mgkaxsfi.ini
C:\WINDOWS\system32\nksatfra.ini
C:\WINDOWS\system32\nsisnang.ini
C:\WINDOWS\system32\ntfdcclc.ini
C:\WINDOWS\system32\nxcrscmh.ini
C:\WINDOWS\system32\nyokfism.ini
C:\WINDOWS\system32\oaaypfqe.ini
C:\WINDOWS\system32\ocortiyh.ini
C:\WINDOWS\system32\odxavndd.ini
C:\WINDOWS\system32\ojjrgcmy.ini
C:\WINDOWS\system32\ojwemrrv.ini
C:\WINDOWS\system32\oxcwcbwj.ini
C:\WINDOWS\system32\pdofvqfu.ini
C:\WINDOWS\system32\pglsglko.ini
C:\WINDOWS\system32\pgxlchvy.ini
C:\WINDOWS\system32\pndmbgmq.ini
C:\WINDOWS\system32\posvvggj.ini
C:\WINDOWS\system32\pqktjyyi.ini
C:\WINDOWS\system32\prfublnu.ini
C:\WINDOWS\system32\ptqtraiw.ini
C:\WINDOWS\system32\qnmkqiyu.ini
C:\WINDOWS\system32\qtsshmck.ini
C:\WINDOWS\system32\qvwkslew.ini
C:\WINDOWS\system32\raeqmyml.ini
C:\WINDOWS\system32\rcoyxohd.ini
C:\WINDOWS\system32\rdnodyed.ini
C:\WINDOWS\system32\rgrvimru.ini
C:\WINDOWS\system32\rhvonsty.ini
C:\WINDOWS\system32\ridqdwtx.ini
C:\WINDOWS\system32\rlvsxsjc.ini
C:\WINDOWS\system32\roebrsha.ini
C:\WINDOWS\system32\rpwpnghy.ini
C:\WINDOWS\system32\sdttinua.ini
C:\WINDOWS\system32\skeaukvw.ini
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tbpxnbod.ini
C:\WINDOWS\system32\tikmcsmn.ini
C:\WINDOWS\system32\tngyvuax.ini
C:\WINDOWS\system32\tpewlxee.ini
C:\WINDOWS\system32\trpdgicg.ini
C:\WINDOWS\system32\txlkhjia.ini
C:\WINDOWS\system32\txxkatpc.ini
C:\WINDOWS\system32\uimuefmt.ini
C:\WINDOWS\system32\uocacnwm.ini
C:\WINDOWS\system32\upmmosgd.ini
C:\WINDOWS\system32\ustakejn.ini
C:\WINDOWS\system32\uuguuigs.ini
C:\WINDOWS\system32\vdxeyatu.ini
C:\WINDOWS\system32\vegsqtwi.ini
C:\WINDOWS\system32\vepvdkou.ini
C:\WINDOWS\system32\wevawkrc.ini
C:\WINDOWS\system32\vfccapjd.ini
C:\WINDOWS\system32\wfrreinw.ini
C:\WINDOWS\system32\vgheirqi.ini
C:\WINDOWS\system32\wgosnwpy.ini
C:\WINDOWS\system32\wmkwnduq.ini
C:\WINDOWS\system32\wudpsfhp.ini
C:\WINDOWS\system32\vushbrxn.ini
C:\WINDOWS\system32\vvapptxy.ini
C:\WINDOWS\system32\wwhdgmhu.ini
C:\WINDOWS\system32\xnhfddla.ini
C:\WINDOWS\system32\xsvgeqen.ini
C:\WINDOWS\system32\yaprwdox.ini
C:\WINDOWS\system32\ydvrpqxx.ini
C:\WINDOWS\system32\ylwkijub.ini
C:\WINDOWS\system32\ywyqgakr.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN

((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-22 to 2008-08-22 )))))))))))))))))
.

2008-08-20 21:55 . 2008-08-20 21:55 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-08-20 21:55 . 2008-08-20 21:55 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-08-20 21:43 . 2008-08-20 22:03 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-08-20 14:41 . 2008-08-20 14:43 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 14:41 . 2008-08-20 14:41 <KANSIO> d-------- C:\Documents and Settings\Matti\Application Data\Malwarebytes
2008-08-20 14:41 . 2008-08-20 14:41 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-20 14:41 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-20 14:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 22:02 . 2008-08-20 14:24 1,818 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-19 22:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-19 22:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-19 22:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-19 22:00 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-19 22:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-19 22:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-19 22:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-19 21:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-19 21:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-19 21:02 . 2008-08-19 21:02 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-08-19 21:02 . 2008-08-19 21:06 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-19 20:59 . 2008-08-19 20:59 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 20:52 . 2008-08-19 20:52 <KANSIO> d-------- C:\Documents and Settings\Matti\Application Data\IObit
2008-08-19 20:52 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-08-19 20:00 . 2008-08-19 20:00 30,720 --a------ C:\WINDOWS\system32\a.0xe
2008-08-18 19:43 . 2008-04-14 19:11 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-18 19:43 . 2008-04-14 19:11 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-18 19:43 . 2008-04-14 19:11 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-18 19:41 . 2008-04-14 19:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-18 19:41 . 2008-04-14 19:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-18 19:41 . 2008-04-14 19:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-18 19:41 . 2008-04-14 19:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-18 19:41 . 2008-04-14 19:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-18 19:41 . 2008-04-14 19:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-18 19:39 . 2008-04-14 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-18 19:39 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-18 19:39 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-15 07:21 . 2008-08-15 07:22 153 --a------ C:\WINDOWS\wininit.ini
2008-08-14 21:20 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-07 14:58 . 2008-08-07 14:58 <KANSIO> d-------- C:\WINDOWS\Cache
2008-08-07 00:51 . 2008-08-07 00:51 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-08-07 00:08 . 2008-08-07 00:08 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
2008-08-06 23:31 . 2008-08-06 23:31 <KANSIO> d-------- C:\WINDOWS\9580813D94B14C289426A441E2BB29A5.TMP
2008-08-06 20:03 . 2008-08-06 23:31 <KANSIO> d-------- C:\Fraps
2008-07-27 20:23 . 2008-07-27 20:23 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-27 20:23 . 2008-07-27 20:31 35,995 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-27 20:23 . 2008-07-27 20:23 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-22 03:42 . 2008-07-22 03:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 13:53 --------- d-----w C:\Program Files\Steam
2008-08-20 19:08 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd0973.sys
2008-08-20 12:12 --------- d-----w C:\Documents and Settings\Matti\Application Data\mIRC
2008-08-20 12:08 --------- d-----w C:\Program Files\mIRC
2008-08-19 17:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-16 20:00 --------- d-----w C:\Program Files\Incomplete
2008-08-16 18:46 --------- d-----w C:\Program Files\LimeWire
2008-08-16 18:31 --------- d-----w C:\Documents and Settings\Matti\Application Data\LimeWire
2008-08-10 12:56 --------- d-----w C:\Program Files\Diablo II
2008-08-08 07:15 23 ----a-w C:\Documents and Settings\Matti\jagex_runescape_preferences.dat
2008-08-06 20:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-06 17:48 --------- d-----w C:\Documents and Settings\Matti\Application Data\SystemRequirementsLab
2008-08-04 11:11 --------- d-----w C:\Program Files\Xfire
2008-08-04 10:24 --------- d-----w C:\Documents and Settings\Matti\Application Data\Xfire
2008-07-31 15:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-27 17:29 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-27 17:29 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-27 17:29 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 18:39 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-10 13:12 --------- d-----w C:\Documents and Settings\Matti\Application Data\PC Suite
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 08:27 --------- d-----w C:\Documents and Settings\Matti\Application Data\Nokia
2008-07-04 08:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-07-04 08:23 --------- d-----w C:\Program Files\Nokia
2008-07-04 08:23 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-04 08:23 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-04 08:22 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-07-04 08:22 --------- d-----w C:\Program Files\DIFX
2008-07-04 08:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-07-03 10:15 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix GOLD
2008-07-01 11:04 --------- d-----w C:\Program Files\Atari
2008-06-26 18:02 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:18 93,184 ----a-w C:\WINDOWS\is154890.exe
2008-05-05 10:38 68,384 -c--a-w C:\Documents and Settings\Matti\Application Data\GDIPFONTCACHEV1.DAT
2006-11-18 12:10 975 ----a-w C:\Program Files\log.txt
2005-12-11 17:24 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:58 1271032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 10:08 196608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 14:12 55296 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\day of defeat source\\hl2.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 14:40]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-02-13 22:42]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-12-04 20:47]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-12-04 20:47]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 11:27]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928340b2-c3a0-11dc-a50b-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928340b3-c3a0-11dc-a50b-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd14355c-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd14355d-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd143560-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd143561-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
'Ajoitetut teht„v„t'-kansion sis„lt”

2008-08-22 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exe [2007-04-26 14:42]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\cs6ldfyd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lumonetti.fi/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 16:53:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\program\fsdfwd.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
.
**************************************************************************
.
Completion time: 2008-08-22 17:06:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 14:05:35

Pre-Run: 107,485,126,656 tavua vapaana
Post-Run: 107,264,356,352 tavua vapaana

396 --- E O F --- 2008-08-21 13:45:31

Hujo · Aug 22, 2008

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

File::
C:\WINDOWS\system32\a.0xe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

De_Nitro · Aug 23, 2008

Olkaa hyvät, tässä uusi:

ComboFix 08-08-21.02 - Matti 2008-08-23 13:03:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.181 [GMT 3:00]
Running from: C:\Documents and Settings\Matti\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matti\Työpöytä\CFScript.txt.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\a.0xe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\a.0xe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-23 to 2008-08-23 )))))))))))))))))
.

2008-08-23 12:28 . 2008-08-23 12:28 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-08-20 21:55 . 2008-08-20 21:55 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-08-20 21:55 . 2008-08-20 21:55 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-08-20 21:43 . 2008-08-20 22:03 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-08-20 14:41 . 2008-08-20 14:43 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 14:41 . 2008-08-20 14:41 <KANSIO> d-------- C:\Documents and Settings\Matti\Application Data\Malwarebytes
2008-08-20 14:41 . 2008-08-20 14:41 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-20 14:41 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-20 14:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 22:02 . 2008-08-20 14:24 1,818 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-19 22:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-19 22:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-19 22:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-19 22:00 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-19 22:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-19 22:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-19 22:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-19 21:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-19 21:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-19 21:02 . 2008-08-19 21:02 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-08-19 21:02 . 2008-08-19 21:06 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-19 20:59 . 2008-08-19 20:59 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 20:52 . 2008-08-19 20:52 <KANSIO> d-------- C:\Documents and Settings\Matti\Application Data\IObit
2008-08-19 20:52 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-08-18 19:43 . 2008-04-14 19:11 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-18 19:43 . 2008-04-14 19:11 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-18 19:43 . 2008-04-14 19:11 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-18 19:41 . 2008-04-14 19:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-18 19:41 . 2008-04-14 19:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-18 19:41 . 2008-04-14 19:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-18 19:41 . 2008-04-14 19:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-18 19:41 . 2008-04-14 19:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-18 19:41 . 2008-04-14 19:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-18 19:41 . 2008-04-14 19:10 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-18 19:39 . 2008-04-14 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-18 19:39 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-18 19:39 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-15 07:21 . 2008-08-15 07:22 153 --a------ C:\WINDOWS\wininit.ini
2008-08-14 21:20 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-07 14:58 . 2008-08-07 14:58 <KANSIO> d-------- C:\WINDOWS\Cache
2008-08-07 00:51 . 2008-08-07 00:51 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-08-07 00:08 . 2008-08-07 00:08 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
2008-08-06 23:31 . 2008-08-06 23:31 <KANSIO> d-------- C:\WINDOWS\9580813D94B14C289426A441E2BB29A5.TMP
2008-08-06 20:03 . 2008-08-06 23:31 <KANSIO> d-------- C:\Fraps
2008-07-27 20:23 . 2008-07-27 20:23 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-27 20:23 . 2008-07-27 20:31 35,995 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-27 20:23 . 2008-07-27 20:23 2,829 --a------ C:\WINDOWS\DIIUnin.pif

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 09:41 --------- d-----w C:\Program Files\Steam
2008-08-22 20:37 --------- d-----w C:\Documents and Settings\Matti\Application Data\mIRC
2008-08-22 20:35 --------- d-----w C:\Program Files\mIRC
2008-08-20 19:08 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd0973.sys
2008-08-19 17:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-16 20:00 --------- d-----w C:\Program Files\Incomplete
2008-08-16 18:46 --------- d-----w C:\Program Files\LimeWire
2008-08-16 18:31 --------- d-----w C:\Documents and Settings\Matti\Application Data\LimeWire
2008-08-10 12:56 --------- d-----w C:\Program Files\Diablo II
2008-08-08 07:15 23 ----a-w C:\Documents and Settings\Matti\jagex_runescape_preferences.dat
2008-08-06 20:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-06 17:48 --------- d-----w C:\Documents and Settings\Matti\Application Data\SystemRequirementsLab
2008-08-04 11:11 --------- d-----w C:\Program Files\Xfire
2008-08-04 10:24 --------- d-----w C:\Documents and Settings\Matti\Application Data\Xfire
2008-07-31 15:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-27 17:29 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-27 17:29 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-27 17:29 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-10 13:12 --------- d-----w C:\Documents and Settings\Matti\Application Data\PC Suite
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 08:27 --------- d-----w C:\Documents and Settings\Matti\Application Data\Nokia
2008-07-04 08:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-07-04 08:23 --------- d-----w C:\Program Files\Nokia
2008-07-04 08:23 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-04 08:23 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-04 08:22 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-07-04 08:22 --------- d-----w C:\Program Files\DIFX
2008-07-04 08:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-07-03 10:15 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix GOLD
2008-07-01 11:04 --------- d-----w C:\Program Files\Atari
2008-06-26 18:02 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 04:18 93,184 ----a-w C:\WINDOWS\is154890.exe
2008-05-05 10:38 68,384 -c--a-w C:\Documents and Settings\Matti\Application Data\GDIPFONTCACHEV1.DAT
2006-11-18 12:10 975 ----a-w C:\Program Files\log.txt
2005-12-11 17:24 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-22_17.04.44.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 16:19:10 271,224 ----a-w C:\WINDOWS\LastGood\system32\mucltui.dll
+ 2007-07-30 16:19:04 207,736 ----a-w C:\WINDOWS\LastGood\system32\muweb.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:58 1271032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 10:08 196608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 14:12 55296 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\day of defeat source\\hl2.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\juho_vii93\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 14:40]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-02-13 22:42]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-12-04 20:47]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-12-04 20:47]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 11:27]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928340b2-c3a0-11dc-a50b-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928340b3-c3a0-11dc-a50b-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd14355c-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd14355d-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd143560-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd143561-c394-11dc-a509-000c763d07e6}]
\Shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö

2008-08-23 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exe [2007-04-26 14:42]

2008-08-23 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 13:15:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP\AVP4A1.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-23 13:26:08
ComboFix-quarantined-files.txt 2008-08-23 10:25:43
ComboFix2.txt 2008-08-22 14:06:22

Pre-Run: 107,184,091,136 tavua vapaana
Post-Run: 107,170,852,864 tavua vapaana

229 --- E O F --- 2008-08-21 13:45:31

Hujo · Aug 25, 2008

Päivitä Malwarebytes' Anti-Malware ja aja

Laita uusi hjt:n loki

De_Nitro · Aug 27, 2008

Tässä taasen HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:32, on 26.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\pelejä\ohjelmia\Winamp\winamp.exe
C:\pelejä\ohjelmia\nää jokku virus jutut\hijackthis_v2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.suomi24.fi/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127132756512
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142344915265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8705 bytes

Hujo · Aug 27, 2008

Javan päivitys ja välimuistin tyhjennys:

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.
4. Asenna uusin Java päivitys seuraavasta linkistä..

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 7
Paina Download
Laita Platform -kohtaan Windows
Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue
Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe

Tallenna tiedosto vaikka työpöydälle ja asenna se.

5. Käynnistä kone uudelleen asennuksen jälkeen.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja:
* Applications and Applets
* Trace and Log Files

Ja paina OK -nappia
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically
Valitse Never check
11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.

De_Nitro · Aug 27, 2008

Tässä lisää:

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 27 15:22:25 2008

Found and removed: C:\Program Files\Java\j2re1.4.2

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Hujo · Aug 27, 2008

scannaa uusi hjt:n loki

============

Mites kone toimii

De_Nitro · Aug 27, 2008

Ensin logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:30, on 27.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\pelejä\ohjelmia\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\pelejä\ohjelmia\nää jokku virus jutut\hijackthis_v2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PELEJ~1\ohjelmia\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.suomi24.fi/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127132756512
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142344915265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8903 bytes

Ja sitten suoraan mesestä:
Juho sanoo:
ja laita vistin perää että iha hyvin kone pelaa
Että näin.

Hujo · Aug 27, 2008

Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

De_Nitro · Aug 30, 2008

Sanoi tehneesnä noin. Mitään seuraavaksi?

Log in or Sign up

Toisen Kaverin HJT-logi - lisää tarkastettavaa

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Share This Page

Log in or Sign up

Toisen Kaverin HJT-logi - lisää tarkastettavaa

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Hujo Guest

De_Nitro Regular member

Share This Page

Useful Searches