Hjt-logi ultimate defender koneella

Manu1985 · Nov 17, 2007

voisko joku viisaampi kattoo ja kiitokset jo etukäteen!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:09, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQPlus\vplus.exe
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Rqlnwgpv\mlolknkp.dll
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINDOWS\system32\efcbxwv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [wpyvezcx] rundll32.exe "C:\Program Files\hwpulids\fofyhipa.dll",Init
O4 - HKLM\..\Run: [lebkdchi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lebkdchi.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [UltimateDefender.install] "C:\WINDOWS\system32\fibagbia\fibagbia2.exe" continue
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098972051182
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: efcbxwv - efcbxwv.dll (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 11184 bytes

kalminen · Nov 20, 2007

Tarviitko vielä apuja, jos niin:
Lataa VundoFix.exe työpöydällesi.

Tupla-klikkaa VundoFix.exe ajaaksesi sen.

Klikkaa Scan for Vundo valintaa.

Kun skannaus on valmis, klikkaa Remove Vundo valintaa.

Sinulta kysytään haluatko poistaa filut - klikkaa YES.

Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.

Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.

Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

Lähetä:
C:\vundofix.txt ja uusi HJT:n logi

Manu1985 · Nov 21, 2007

täss olis uus hjt-logi ku vundo fix ei löytäny mitään enkä saanu siit mitää logii.. kiitos vaivan näöstä

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:44, on 21.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQPlus\vplus.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Ulawxbzv\ejnjwywg.dll (file missing)
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [wpyvezcx] rundll32.exe "C:\Program Files\hwpulids\fofyhipa.dll",Init
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [UltimateDefender.install] "C:\WINDOWS\system32\fibagbia\fibagbia2.exe" continue
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098972051182
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: efcbxwv - efcbxwv.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 10613 bytes

kalminen · Nov 21, 2007

Kyllä sieltä lähti Vundo.
Tämä vaihtaa nimeä joka Bootissa
200D0AAD-71B1-51C9-DDB0-092BA4662A54 ei tätä clsidtä.

Lataa VirtuMundo Begone: TÄÄLTÄ
Työpöydälle ja aja tuottaa VBG.TXT login.
------------------------
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Ulawxbzv\ejnjwywg.dll (file missing)
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [wpyvezcx] rundll32.exe "C:\Program Files\hwpulids\fofyhipa.dll",Init
O4 - HKCU\..\Run: [UltimateDefender.install] "C:\WINDOWS\system32\fibagbia\fibagbia2.exe" continue
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b...5/Installer.exe
O20 - Winlogon Notify: efcbxwv - efcbxwv.dll (file missing)

-----------------------------
Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

UltimateDefender

jatka löytyi tai ei:

Käynnistä kone vikasietotilaan => OHJE
Laita piilotiedostot näkyviin =>vikasiedossa OHJE
Poista seuraava kansio:
C:\WINDOWS\system32\fibagbia\
Käynnistä kone normaalitilaan.
-----------------------------
Tyhjennä roskakori.

Postita tänne seuraavat lokit:

* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* VBG.TXT login
*

Manu1985 · Nov 21, 2007

Tässä olis nyt nää logit:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:27, on 21.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQPlus\vplus.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098972051182
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 9367 bytes

ja toinen:

[11/21/2007, 20:57:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Miia\Työpöytä\VirtumundoBeGone.exe" )
[11/21/2007, 20:57:19] - Detected System Information:
[11/21/2007, 20:57:19] - Windows Version: 5.1.2600, Service Pack 2
[11/21/2007, 20:57:19] - Current Username: Miia (Admin)
[11/21/2007, 20:57:19] - Windows is in NORMAL mode.
[11/21/2007, 20:57:19] - Searching for Browser Helper Objects:
[11/21/2007, 20:57:19] - BHO 1: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/21/2007, 20:57:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 20:57:19] - Checking for HKLM\...\Winlogon\Notify\ejnjwywg
[11/21/2007, 20:57:19] - Key not found: HKLM\...\Winlogon\Notify\ejnjwywg, continuing.
[11/21/2007, 20:57:19] - BHO 2: {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} ()
[11/21/2007, 20:57:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 20:57:19] - No filename found. Continuing.
[11/21/2007, 20:57:19] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/21/2007, 20:57:19] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/21/2007, 20:57:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 20:57:19] - No filename found. Continuing.
[11/21/2007, 20:57:19] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/21/2007, 20:57:19] - Finished Searching Browser Helper Objects
[11/21/2007, 20:57:19] - Finishing up...
[11/21/2007, 20:57:19] - Nothing found! Exiting...

kalminen · Nov 21, 2007

Oikein hienoa se oli VM-Begone (harvinainen)
F-Scure on niin hyvä, että se ei kaipaa kilpailijoita.
Sun pitäis sammuttaa AVG7 (sotkevat toistensa hommia pahasti:
Mene alapalkista KÄYNNISTÄ ==> SUORITA valikkoon ja kirjoita services.msc OK
Klikkaa Avautuva ikkuna suureksi ja ohjelma saraketta levität niin että näkyy kaikki.
Etsi
AVG7 Alert Manager Server
AVG7 Update Service
Klikkaa rivi aktiiviseksi ja
Hiiren oikealla napilla pääset ko. riviltä valikkoon ==> Ominaisuudet/Propertiers
josta muutat Ei käytössä. => Klikkaa käytä => OK Tämän lisäksi klikkaat vasemmalla
puolella olevaa linkkiä Pysäytä palvelu .
Tee molemmille riveille sama.
------------------------
Varmistetaan:
Toimii ainoastaan Explorerilla ==> salli ActiveX
Skannaa koneesi Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
* Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
* Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
* Klikkaa nyt asetuksia, Scan Settings
* Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

* Klikkaa OK
* Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
* Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
* Klikkaa nyt Save as Text-painiketta.
* Tallenna tiedosto työpöydällesi.
* Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.
-------------------------
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:

* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* Kaperskyn raportti
* Miltä kone tuntuu ???

Manu1985 · Nov 22, 2007

Sain tehtyä noi ja tässä olis nää logit:

KASPERSKY ONLINE SCANNER REPORT
Thursday, November 22, 2007 6:18:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/11/2007
Kaspersky Anti-Virus database records: 464099
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 49483
Number of viruses found 9
Number of infected objects 19
Number of suspicious objects 0
Duration of the scan process 01:20:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Miia\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Miia\DoctorWeb\Quarantine\A0171715.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Miia\DoctorWeb\Quarantine\A0171718.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Miia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Miia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Miia\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Miia\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Miia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Miia\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000006.FCS Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\F-Secure\Common\policy.ipf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP482\A0167453.exe/data.rar/crack.exe Infected: Trojan.Win32.Agent.ctk skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP482\A0167453.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP482\A0167453.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP482\A0167453.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP482\A0167453.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP483\A0168479.exe Infected: Trojan-Downloader.Win32.Agent.eke skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP483\A0169479.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP483\A0169490.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.aa skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171637.exe/data.rar/crack.exe Infected: Trojan.Win32.Agent.ctk skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171637.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171637.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171637.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171637.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP485\A0171654.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173854.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173855.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173856.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173857.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173862.dll Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP487\A0173898.exe Object is locked skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP488\A0173940.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP488\A0173941.exe Infected: not-a-virusownloader.Win32.UltimateFix.d skipped
C:\System Volume Information\_restore{CFE506D7-9AB2-44E3-A9DA-6441BFD25AD7}\RP488\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\fsgk32.log Object is locked skipped
C:\WINDOWS\fssm32.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

ja hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:11, on 22.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098972051182
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 8644 bytes

ja sitten program files kansiossa outoja kansioita:

-Gwfvzjhd

-Hqwvstsx

-hwpulids

-Ultimate Defender

nimiset kansiot ovat kuitenkin tyhjiä

Manu1985 · Nov 22, 2007

ja unohtu laittaa et kone toimii jo paremmin..
ei enää mee googlesta suoraa minnekkään porno sivuille jne.

kalminen · Nov 22, 2007

Tämä näyttää jo aika hyvältä:

Poista seuraavat kansiot:
C:\Documents and Settings\Miia\DoctorWeb\Quarantine\
C:\Program Files\Gwfvzjhd
C:\Program Files\Hqwvstsx
C:\Program Files\hwpulids
C:\Program Files\Ultimate Defender

Poista nämä WMA tiedostot:
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\02 Track 2.wma
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\Top of Charts - 2003.wma
C:\Documents and Settings\Miia\Omat tiedostot\Omat musiikkitiedostot\SEKALAISTA\TOTALLY HIP TRACK.wma
----------------------------
Suorita:
Tässä ohjeet kuinka System Restore (Järjestelmän palautuspiste) puhdistetaan. Windows XP:ssä

* Klikkaa hiiren oikealla napilla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
* Valitse Properties/ominaisuudet (Järjestelmä)
* Valitse System Restore/järjestelmän palauttaminen välilehti
* Laita ruxi "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa
* Paina Apply/käytä
* Paina OK
* Käynnistä Tietokoneesi uudelleen

* Laita System Restore taas päälle Kohdassa 4 ruxsi pois ruudusta.=> käytä => OK.

* Mene Käynnistä => Suorita ja kopioi laatikkoon %SystemRoot%\system32\restore\rstrui.exe => OK
Laita täppi kohtaan Luo palautuspiste => Seuraava
toimi ohjeiden mukaan.
----------------------------------
Serviisit pysätyi (hyvä) nämä unohdin SRI
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:

* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* Miltä nyt kone tuntuu ???

kalminen · Nov 22, 2007

PS.
Muistuta että laitetaan HOSTS ja SW-Blaster.

Manu1985 · Nov 22, 2007

Moikka tässä olis nyt uus hjt-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:21:36, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098972051182
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 8478 bytes

ja sitten olis vielä tällanen, ku spybotti löysi tällasii örkkei:

Microsoft.WindowsSecurityCenter.AntiVirusOverride
(SBI $3604910C) Asetukset
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Virtumonde
(SBI $0FB400C8)Asetukset
HKEY_USERS\S-1-5-21-448539723-1897051121-725345543-1003\Software\wkey

Virtumonde
(SBI $3BE84E58)Asetukset
HKEY_USERS\S-1-5-21-448539723-1897051121-725345543-1003\Software\mwc

aattelin laittaa ku toi antivirusoverride oli varsinainen syy siihen et oli toi avg ton f-securen kanssa ku security center ilmotti et ei virusohjelmaa tai sitä ei löydy ja sit joku varoitus backweb ja muuta en sit muista mut ei kai ihan normaalii?
kiitos kuitenkin vaivan näöstäsi on ollut paljon apua tähän asti!

kalminen · Nov 23, 2007

Rekisteri merkintöjä ovat (2 alinta luultavasti vanhoja)

Ota ensin rekisteristä näin varmuuskopio:

Alapalkista > Käynnistä > Suorita -> regedit -> ok.
Klikkaa hiirellä omatietokone rivi aktiiviseksi.
Sitten Tiedosto välilehti -> Vie. Kirjoita sille Manu1985 Tiedoston nimi ja
Tallennus Kohde sarakkeeseen valitset (C juureen. Vientialueeseen "täppi" kohtaan kaikki.(tallenna)
Poistu Regeditistä.

Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg Notepad muistiossa
työpöydälle (tallennusmuoto kaikki tiedostot)
Code:
Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[-HKEY_USERS\S-1-5-21-448539723-1897051121-725345543-1003\Software\wkey]

[-HKEY_USERS\S-1-5-21-448539723-1897051121-725345543-1003\Software\mwc] 
Tuplaklikkaa työpöydällä fix.reg ja paina kyllä ja ok.
----------------------
Lataa: RegSeeker.zip työpöydälle:

Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker.
------------------------
Asenna hosts-tiedosto!
Hosts-tiedosto estää haitalliset internet-osoitteet.
Hosts-tiedoston lautauslinkki!
Hosts-tiedoston opas!
--------------------
Asenna SpywareBlaster!
SpywareBlaster estää haittaohjelmien asentumista koneelle.
SpywareBlasterin latauslinkki!
SpywareBlaster opas!
----------------------------

Käynnistä kone uudelleen.

Testaa herjaako vielä ???

Manu1985 · Nov 23, 2007

Kone toimii muuten kuin uus mutta herjaa vieläkin sitä f-securee..
pitäisköhän sitä harkita jos vaihtais toiseen ohjelmaan?
security center sanoo ettei virustorjuntaa löydy?

kalminen · Nov 23, 2007

F-Secure on hyvä turva, jos lisenssissä virta piisaa.
Vois olla viisainta asentaa se uusiksi.

Uuden ohjelman asentaminen edellyttää vanhan täydellistä
poistoa erikoistyökalulla.

Mieti !!!

Manu1985 · Nov 23, 2007

Joo morjesta vaa!!!
aattelin asentaa sen ohjelman uusiks ja kattoo josko toimis sillai..
Tuhannet Kiitokset Welho vaivan näöstä ja hyvistä vinkeistä!!!
Olis vielä yks kysymys liittyen tohon Hjt:en. onko mitää sivustoa tai
jotain vastaavaa mistä vois opiskella noita mitä pitää poistaa jos on saastuneita ja ylimääräsii filui, ku mulla on kolme konetta hoidettavana ja niitä saa aikasta usein fixailla..
aattelin vaa jos osais itse ei tarttis vaivata muita ja vois vaikka joskus alkaa itsekkin neuvoa muita ku tarpeeks tietäs noista..?
ei muuta kun hyvät talven jatkot ja vielä kerran thx man!!!
-Manu-

kalminen · Nov 23, 2007

Eipä kestä.
Tieto jota voit käyttää saat virustorjuntanetin kurssilta.
Hiukan tietoa:
http://www.virustorjunta.net/module...ack+This+-apuohjelman+logien+tulkitseminen#33

Log in or Sign up

Hjt-logi ultimate defender koneella

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

Manu1985 Guest

kalminen Regular member

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Share This Page

Log in or Sign up

Hjt-logi ultimate defender koneella

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

Manu1985 Guest

kalminen Regular member

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Manu1985 Guest

kalminen Regular member

Share This Page

Useful Searches