My unpaid F-Secure is yelling about viruses, and apparently it can't deal with them without updates. The machine is also badly bogged down in general, and both startup and shutdown are considerably slower than normal!
Logfile of HijackThis v1.99.1
Scan saved at 16:23:24, on 16.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.
Boot your computer into Safe Mode and select your usual user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Select Safe Mode from the menu.
* Create a folder of its own for the program, C:\SDFix, and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the machine.
* Once the computer has started and the desktop has loaded, SDFix reports that the cleanup has been completed, "Finished".
* Then press any key to close the script and load the desktop icons.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread
========
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

The first program did not work the way your instructions described. When I pressed Y the program just closed and nothing happened. I tried it under both the Esiasennettu account and the Administrator account, same thing with both. So I haven't even started trying the second program yet. What could be the problem?

OK, so did you try running it in Safe Mode? Skip ahead to the second program. It may be that there is some program there protecting it (a rootkit), or else something else; manual removal will work in any case. Onward.

Yes, I tried it in both Safe Mode and normal mode, with both of my user accounts (Esiasennettu and Administrator). Here is that second report:
"Esiasennettu" - 2007-07-18 20:38:54 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

And the HJT log too.
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files; click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix announces that it will restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix runs itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
================
Updating Java and clearing its cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list (J2SE Runtime Environment....). They should have the following picture next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp Scroll down to Java Runtime Environment (JRE) 6u2. Press Download. Tick Accept, take the offline installation, save it for example to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the machine being slow after lowering the setting, move the slider higher.)
8. Make sure that both options are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
===================
Download CCleaner v1.41.544 - Basic from http://www.ccleaner.com/download/builds.aspx, DO NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run Cleaner button, bottom right corner.
Run Issues > Scan for registry issues button > Fix registry issues button.

Logfile of HijackThis v1.99.1
Scan saved at 16:58:03, on 19.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
**********************************************************************
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 16:19:49 19.7.2007
Listing files found while scanning....
C:\windows\system32\enrrfrvr.dll
C:\windows\system32\ggjutgfu.dll
C:\windows\system32\jhrvqjcf.dll
C:\windows\system32\morlrgud.dll
C:\windows\system32\oplypelh.dll
C:\windows\system32\xldpumxw.dll
Beginning removal...
Attempting to delete C:\windows\system32\enrrfrvr.dll
C:\windows\system32\enrrfrvr.dll Has been deleted!
Attempting to delete C:\windows\system32\ggjutgfu.dll
C:\windows\system32\ggjutgfu.dll Has been deleted!
Attempting to delete C:\windows\system32\jhrvqjcf.dll
C:\windows\system32\jhrvqjcf.dll Has been deleted!
Attempting to delete C:\windows\system32\morlrgud.dll
C:\windows\system32\morlrgud.dll Has been deleted!
Attempting to delete C:\windows\system32\oplypelh.dll
C:\windows\system32\oplypelh.dll Has been deleted!
Attempting to delete C:\windows\system32\xldpumxw.dll
C:\windows\system32\xldpumxw.dll Has been deleted!
Performing Repairs to the registry.
Done!

Scan with HJT, check the following entries and press Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
==========================
Remove those Java versions via Add or Remove Programs:
Java version is 1.5.0.5
Java version is 1.5.0.10
=================
Download Dr.Web CureIt to the desktop:
Double-click drweb-cureit.exe and let it run the express scan. It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, mark the drives you want to scan. Select all drives. A red dot shows which drives are selected. Click the green arrow on the right and the scan starts. Click 'Yes to all' if you are asked whether you want to delete/move a file.
When the scan is finished, see whether you can click the next icon beside the files found: If so, click it, then click the next icon at the bottom right and choose Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
After this, click File in the Dr.Web CureIt menu and choose save report list. Save the report to the desktop. The report's name is DrWeb.csv. Close Dr.Web CureIt.
Restart the computer!! This is because files that are in use are deleted/moved during startup. After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
2007-07-18 10:40 66,624 --a------ C:\WINDOWS\system32\morlrgud.dll
2007-07-18 10:39 66,112 --a------ C:\WINDOWS\system32\rfqcnibu.exe
2007-07-17 10:36 66,624 --a------ C:\WINDOWS\system32\jhrvqjcf.dll
2007-07-17 10:33 66,112 --a------ C:\WINDOWS\system32\gqrbyetg.exe
2007-07-16 10:39 66,624 --a------ C:\WINDOWS\system32\oplypelh.dll
2007-07-16 10:32 66,112 --a------ C:\WINDOWS\system32\mipfmaed.exe
2007-07-15 10:32 66,624 --a------ C:\WINDOWS\system32\enrrfrvr.dll
2007-07-15 10:29 66,112 --a------ C:\WINDOWS\system32\wpekprtc.exe
2007-07-14 00:21 66,112 --a------ C:\WINDOWS\system32\vylsirwp.exe
2007-07-14 00:21 66,112 --a------ C:\WINDOWS\system32\txtavcbc.exe
2007-07-11 16:07 66,624 --a------ C:\WINDOWS\system32\xldpumxw.dll
2007-07-11 16:06 66,112 --a------ C:\WINDOWS\system32\vdnoqwjr.exe
2007-07-10 21:58 66,624 --a------ C:\WINDOWS\system32\ggjutgfu.dll
Weren't you, hujo, planning to have those removed? (With a CFScript, for example)
Java versions like those aren't found in Add or Remove Programs? ..
************************************************************* MiniBugTransporter.dll C:\Program Files\Common Files\Real\WeatherBug Adware.Minibug Incurable.Moved. mirc.exe C:\Program Files\mIRC Program.mIRC.621 Incurable.Moved. npclntax.dll C:\Program Files\Mozilla Firefox\plugins Adware.Zango Incurable.Moved. avp.exe.vir C:\QooBox\Quarantine\C\WINDOWS Trojan.DownLoader.25873 Deleted. mgrs.exe.vir C:\QooBox\Quarantine\C\WINDOWS Trojan.DownLoader.25873 Deleted. ddaya.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. gamsuldl.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. opnnklm.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. qcrhdcym.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. ssqqnll.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. syswin.exe.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.DownLoader.28163 Incurable.Moved. vkastsmu.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. wvsdaxeq.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. Process.exe C:\SmitfraudFix\SmitfraudFix Tool.Prockill Incurable.Moved. restart.exe C:\SmitfraudFix\SmitfraudFix Tool.ShutDown.11 Incurable.Moved. A0194587.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.DownLoader.26563 Deleted. A0194588.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.Mezzia.68 Deleted. A0194589.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.Virtumod Deleted. A0194619.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.DownLoader.25873 Deleted. A0195605.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.Click.2799 Deleted.
A0195606.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP548 Trojan.DownLoader.26570 Deleted. A0195659.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP549 Trojan.DownLoader.25873 Deleted. A0196644.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP549 Trojan.DownLoader.26570 Deleted. A0196661.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP549 Trojan.DownLoader.25873 Deleted. A0196754.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP549 Trojan.DownLoader.25873 Deleted. A0196760.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP549 Trojan.EzulaAd Deleted. A0197778.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP550 Trojan.Virtumod Deleted. A0198799.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP550 Trojan.Virtumod Deleted. A0198800.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP550 Trojan.DownLoader.26570 Deleted. A0198862.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.25873 Deleted. A0199862.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.26570 Deleted. A0199863.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.Virtumod Deleted. A0199864.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.25873 Deleted. A0199865.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.26570 Deleted. A0199866.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.Virtumod Deleted. 
A0200892.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.28163 Incurable.Moved. A0200893.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.DownLoader.26570 Deleted. A0200894.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP551 Trojan.Virtumod Deleted. A0201957.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP552 Trojan.Virtumod Deleted. A0201958.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP552 Trojan.DownLoader.26570 Deleted. A0202084.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP554 Trojan.DownLoader.28163 Incurable.Moved. A0203069.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.Virtumod Deleted. A0203070.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.26570 Deleted. A0203110.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.26570 Deleted. A0203111.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.Virtumod Deleted. A0203134.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.28163 Incurable.Moved. A0203184.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.28163 Incurable.Moved. A0204169.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.Virtumod Deleted. A0204193.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.28163 Incurable.Moved. A0204269.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Tool.Prockill Incurable.Moved. 
A0204321.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.28163 Incurable.Moved. A0204332.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.DownLoader.26570 Deleted. A0204333.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP555 Trojan.Virtumod Deleted. A0204357.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP556 Trojan.DownLoader.28163 Incurable.Moved. A0205332.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP556 Trojan.Click.2799 Deleted. A0205376.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP556 Trojan.DownLoader.28163 Incurable.Moved. A0205382.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP556 Trojan.DownLoader.26570 Deleted. A0205467.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.DownLoader.25873 Deleted. A0205468.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.DownLoader.25873 Deleted. A0205469.exe C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.DownLoader.28163 Incurable.Moved. A0205470.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205471.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205472.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205473.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205474.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. 
A0205478.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205479.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205577.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205578.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205579.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205580.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205581.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. A0205582.dll C:\System Volume Information\_restore{FD2D4F41-EBA8-4A31-B9BA-64643198D47D}\RP557 Trojan.Virtumod Deleted. enrrfrvr.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. ggjutgfu.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. jhrvqjcf.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. morlrgud.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. oplypelh.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. xldpumxw.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted. gqrbyetg.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. mipfmaed.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. rfqcnibu.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. txtavcbc.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. vdnoqwjr.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. vylsirwp.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. wpekprtc.exe C:\WINDOWS\system32 Trojan.Virtumod Deleted. 
************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 11:39:58, on 21.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\F-Secure Internet 
Security\FSPC\fspc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Winamp\Winamp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RestoreIT!] 
"C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?66cc425caaeb41de963972f02a0238a0 O8 - Extra 
context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?66cc425caaeb41de963972f02a0238a0 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Download CCleaner v1.41.544 - Basic from http://www.ccleaner.com/download/builds.aspx. Do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> Untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run CCleaner button (bottom right).
Run Issues > Scan for registry issues button > Fix registry issues button.
===============
1. Click Start > right-click My Computer
2. Choose Properties
3. Choose the System Restore tab
4. Tick "Turn off System Restore on all drives"
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick "Turn off System Restore on all drives"
9. Apply and OK
=================
Done according to the instructions!
"Detecting IDE drives warning! Some changes in chipset or clock settings caused boot failure. Defaults for these settings have been loaded..... PRESS F1 to contiunue ...."
What does this mean, given that sometimes the computer refuses to start until F1 is pressed..? Thanks a lot once again! I think I owe you a Christmas present!
That would suggest that the BIOS has been changed. Chipset, that's in the BIOS, or clock: is the clock showing the right time?