Problems again...

Discussion in 'Viruses and malware - HijackThis logs' started by etplayer1, Feb 22, 2008.

  1. etplayer1

    etplayer1 Member

    Joined:
    Nov 4, 2007
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Now I have a somewhat similar problem as before. The old thread can be found here: http://keskustelu.afterdawn.com/thread_view.cfm/623970

    So, free space on the C: drive is disappearing fast. In a couple of weeks about 1 GB has disappeared, even though I don't download anything there! I did everything as Hujo advised in the old thread (many thanks to him for that!!). The problem went away for a while but it has come back again.

    So I need your help again. I think there is some more persistent malware on the machine that is downloading extra files onto my computer.


    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:38:52, on 22.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    F:\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    F:\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis.exe\skanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?42e34bf2d6574abb80d1d6c4bc7e0366
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?42e34bf2d6574abb80d1d6c4bc7e0366
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164648388828
    O17 - HKLM\System\CCS\Services\Tcpip\..\{451EF1CD-7324-4280-B8E1-813A6094BDF4}: NameServer = 213.139.190.3 212.50.131.153
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9673 bytes
     
  2. etplayer1

    etplayer1 Member

    Is there anyone who could help? I'd be really grateful if even someone could.
     
  3. Hujo

    Hujo Guest

    hmmmm... I already went through that a couple of times, bottom to top and top to bottom

    1. Download combofix.exe to your desktop from one of the links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log to your thread.
    Note! Do not click on the combofix window while it is running. This may cause the program to hang.
     
  4. etplayer1

    etplayer1 Member

    Thanks Hujo,

    Here is the Combofix log:

    ComboFix 08-02-23 - Mark 2008-02-23 0:00:21.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.433 [GMT 2:00]
    Running from: C:\Documents and Settings\Mark\Desktop\Lataukset\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\acbeg.bak1
    C:\WINDOWS\system32\acbeg.ini
    C:\WINDOWS\system32\afdfcfkf.ini
    C:\WINDOWS\system32\ajlndrib.dll
    C:\WINDOWS\system32\awtnqaug.ini
    C:\WINDOWS\system32\aybeg.bak2
    C:\WINDOWS\system32\aybeg.ini
    C:\WINDOWS\system32\bejxbmdy.ini
    C:\WINDOWS\system32\bhnpkfop.ini
    C:\WINDOWS\system32\bryeawhk.ini
    C:\WINDOWS\system32\cdmwtyma.ini
    C:\WINDOWS\system32\cfjrqalv.ini
    C:\WINDOWS\system32\cvljbmrk.ini
    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\ddeeg.bak1
    C:\WINDOWS\system32\ddeeg.bak2
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\eaksbupx.ini
    C:\WINDOWS\system32\ebahgvej.ini
    C:\WINDOWS\system32\edqkkvyk.ini
    C:\WINDOWS\system32\empujbby.ini
    C:\WINDOWS\system32\eribpfue.dll
    C:\WINDOWS\system32\escdetua.ini
    C:\WINDOWS\system32\eudrrqke.ini
    C:\WINDOWS\system32\eufpbire.ini
    C:\WINDOWS\system32\fiaqloab.ini
    C:\WINDOWS\system32\flemtceq.ini
    C:\WINDOWS\system32\flumcwon.ini
    C:\WINDOWS\system32\ftclkcjb.ini
    C:\WINDOWS\system32\ggwoarhs.ini
    C:\WINDOWS\system32\gjkkj.bak1
    C:\WINDOWS\system32\gjkkj.ini
    C:\WINDOWS\system32\hgsievql.ini
    C:\WINDOWS\system32\hgwyqsgj.ini
    C:\WINDOWS\system32\hhjkofna.ini
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hkcjnvrf.ini
    C:\WINDOWS\system32\hrvqlhkj.dll
    C:\WINDOWS\system32\hsmktksc.ini
    C:\WINDOWS\system32\hsxmouyn.dll
    C:\WINDOWS\system32\hvewqkgw.dll
    C:\WINDOWS\system32\icslnpwx.dll
    C:\WINDOWS\system32\iixpoeij.ini
    C:\WINDOWS\system32\ijkmp.bak1
    C:\WINDOWS\system32\ijkmp.bak2
    C:\WINDOWS\system32\ijkmp.ini
    C:\WINDOWS\system32\jiksqnph.ini
    C:\WINDOWS\system32\jjkkj.bak1
    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jyfkfxdl.ini
    C:\WINDOWS\system32\kkbjfrrg.ini
    C:\WINDOWS\system32\klkkj.bak1
    C:\WINDOWS\system32\klkkj.bak2
    C:\WINDOWS\system32\klkkj.ini
    C:\WINDOWS\system32\knsalucc.ini
    C:\WINDOWS\system32\korcwwfl.ini
    C:\WINDOWS\system32\kqpmyxid.ini
    C:\WINDOWS\system32\krbttukj.dll
    C:\WINDOWS\system32\lddnxved.dll
    C:\WINDOWS\system32\lpqdhmhx.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\meqwbfpy.ini
    C:\WINDOWS\system32\mglbwxyf.ini
    C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mtcgandj.ini
    C:\WINDOWS\system32\mxfbwjyc.dll
    C:\WINDOWS\system32\nygojria.ini
    C:\WINDOWS\system32\ocubkbaa.ini
    C:\WINDOWS\system32\omuwpchk.ini
    C:\WINDOWS\system32\ooncpoof.dll
    C:\WINDOWS\system32\oqstv.bak1
    C:\WINDOWS\system32\oqstv.bak2
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\oufkfmpa.ini
    C:\WINDOWS\system32\pblcpuvq.ini
    C:\WINDOWS\system32\pkbatdlv.ini
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\pypgjhxo.ini
    C:\WINDOWS\system32\qhbtehjx.ini
    C:\WINDOWS\system32\qrcijfta.ini
    C:\WINDOWS\system32\qvwooxnf.dll
    C:\WINDOWS\system32\rbhideco.ini
    C:\WINDOWS\system32\rdilemxl.dll
    C:\WINDOWS\system32\rqrqgsml.dll
    C:\WINDOWS\system32\rwovvckl.dll
    C:\WINDOWS\system32\slfupihs.ini
    C:\WINDOWS\system32\srqss.bak1
    C:\WINDOWS\system32\srqss.ini
    C:\WINDOWS\system32\sruqnunx.dll
    C:\WINDOWS\system32\tmamcksf.ini
    C:\WINDOWS\system32\uavnjspt.ini
    C:\WINDOWS\system32\ufqcgmfv.ini
    C:\WINDOWS\system32\upxnxodq.ini
    C:\WINDOWS\system32\wbcjeods.ini
    C:\WINDOWS\system32\whectepd.ini
    C:\WINDOWS\system32\wkuulrop.ini
    C:\WINDOWS\system32\wlieacsh.ini
    C:\WINDOWS\system32\vuconybt.dll
    C:\WINDOWS\system32\ymvpvrcx.ini
    C:\WINDOWS\system32\yyadd.bak1
    C:\WINDOWS\system32\yyadd.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
    .

    2008-02-18 21:24 . 2008-02-18 21:24 <DIR> d-------- C:\VundoFix Backups
    2008-02-05 21:53 . 2008-02-05 21:53 0 --a------ C:\23990098.$$$
    2008-02-05 19:56 . 2008-02-05 20:28 <DIR> d-------- C:\Downloads
    2008-02-05 19:53 . 2008-02-05 20:28 <DIR> d-------- C:\Kaspersky
    2008-02-05 19:13 . 2008-02-05 19:15 <DIR> d-------- C:\RegSeeker
    2008-02-05 18:46 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\Sun
    2008-02-05 18:46 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-05 18:44 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\Java
    2008-02-05 18:44 . 2008-02-05 18:44 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-02-05 16:12 . 2008-02-05 16:12 90,688 --a------ C:\WINDOWS\system32\aabkbuco.dll
    2008-02-03 14:57 . 2008-02-03 14:57 <DIR> d-------- C:\Documents and Settings\Meri\Application Data\Grisoft
    2008-02-03 13:54 . 2008-02-03 13:54 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
    2008-02-03 13:54 . 2008-02-03 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-03 13:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-01 17:08 . 2008-02-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-02-01 16:59 . 2008-02-01 16:59 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-22 21:58 --------- d-----w C:\Documents and Settings\Mark\Application Data\Skype
    2008-02-22 18:36 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-21 20:52 --------- d-----w C:\Program Files\Euroword2004
    2008-02-17 11:44 --------- d-----w C:\Program Files\Zoom Player
    2008-02-05 17:06 --------- d-----w C:\Program Files\Trend Micro
    2008-02-01 18:30 --------- d-----w C:\Program Files\SpeedFan
    2008-02-01 15:01 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-11 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-05 17:51 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-01-05 10:44 --------- d-----w C:\Documents and Settings\Mark\Application Data\mIRC
    2008-01-05 10:40 --------- d-----w C:\Program Files\mIRC
    2008-01-03 17:16 --------- d-----w C:\Documents and Settings\Meri\Application Data\F-Secure
    2007-12-25 17:40 --------- d-----w C:\Program Files\Steam
    2007-12-22 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-11 15:53 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
    2007-11-10 21:09 312,065 --sh--w C:\WINDOWS\system32\dfhkj.bak1
    2007-11-21 13:20 315,345 --sh--w C:\WINDOWS\system32\dfhkj.bak2
    2007-10-25 07:48 322,890 --sh--w C:\WINDOWS\system32\efhkj.bak1
    2007-11-15 16:27 314,509 --sh--w C:\WINDOWS\system32\efhkj.bak2
    2007-11-20 09:53 312,056 --sh--w C:\WINDOWS\system32\lnnmp.bak1
    2007-11-19 12:51 312,056 --sh--w C:\WINDOWS\system32\qttss.bak1
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56 1306624]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-07 00:04 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57 684032]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-24 12:15 86016]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37 188416]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]
    "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39 77824]
    "!AVG Anti-Spyware"="F:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 12:15 7311360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-11-27 18:27:17 32807]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-17 16:08:04 169472]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 12:01]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-11-27 18:27]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 15:37]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 16:30]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 15:37]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-22 12:20:30 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
    "2008-02-22 22:07:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
     
  5. Hujo

    Hujo Guest

    1) Download VirtumundoBegone
    2) Save VirtumundoBeGone.exe to your desktop.
    3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue screen with a "Fatal Error" message, this is normal.
    4) When the tool is finished, restart the computer

     
  6. etplayer1

    etplayer1 Member

    This is the log I got:


    [02/23/2008, 0:35:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mark\Desktop\VirtumundoBeGone.exe" )
    [02/23/2008, 0:35:56] - Detected System Information:
    [02/23/2008, 0:35:56] - Windows Version: 5.1.2600, Service Pack 2
    [02/23/2008, 0:35:56] - Current Username: Mark (Admin)
    [02/23/2008, 0:35:56] - Windows is in NORMAL mode.
    [02/23/2008, 0:35:56] - Searching for Browser Helper Objects:
    [02/23/2008, 0:35:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/23/2008, 0:35:56] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/23/2008, 0:35:56] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/23/2008, 0:35:56] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [02/23/2008, 0:35:56] - Finished Searching Browser Helper Objects
    [02/23/2008, 0:35:56] - Finishing up...
    [02/23/2008, 0:35:56] - Nothing found! Exiting...
     
  7. Hujo

    Hujo Guest

    here's some more heavy machinery

    SUPERAntiSpyware

    I wonder if F-secure will get the hiccups.
     
  8. etplayer1

    etplayer1 Member

    Should I install that SUPERantispyware? And what do you mean by "I wonder if F-secure will get the hiccups"? :D What happens to F-secure if I install that program?
     
  9. Hujo

    Hujo Guest

    Some part of it may disappear when you use that other one.
    It's a slightly sensitive program, that F-secure


    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  10. etplayer1

    etplayer1 Member

    Here is the ComboFix log:

    ComboFix 08-02-23 - Mark 2008-02-23 11:07:30.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.438 [GMT 2:00]
    Running from: C:\Documents and Settings\Mark\Desktop\Lataukset\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\aabkbuco.dll
    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak2
    C:\WINDOWS\system32\efhkj.bak1
    C:\WINDOWS\system32\efhkj.bak2
    C:\WINDOWS\system32\lnnmp.bak1
    C:\WINDOWS\system32\qttss.bak1
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\aabkbuco.dll
    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak2
    C:\WINDOWS\system32\efhkj.bak1
    C:\WINDOWS\system32\efhkj.bak2
    C:\WINDOWS\system32\lnnmp.bak1
    C:\WINDOWS\system32\qttss.bak1

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
    .

    2008-02-18 21:24 . 2008-02-18 21:24 <DIR> d-------- C:\VundoFix Backups
    2008-02-05 21:53 . 2008-02-05 21:53 0 --a------ C:\23990098.$$$
    2008-02-05 19:56 . 2008-02-05 20:28 <DIR> d-------- C:\Downloads
    2008-02-05 19:53 . 2008-02-05 20:28 <DIR> d-------- C:\Kaspersky
    2008-02-05 19:13 . 2008-02-05 19:15 <DIR> d-------- C:\RegSeeker
    2008-02-05 18:46 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\Sun
    2008-02-05 18:46 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-05 18:44 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\Java
    2008-02-05 18:44 . 2008-02-05 18:44 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-02-03 14:57 . 2008-02-03 14:57 <DIR> d-------- C:\Documents and Settings\Meri\Application Data\Grisoft
    2008-02-03 13:54 . 2008-02-03 13:54 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
    2008-02-03 13:54 . 2008-02-03 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-03 13:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-01 17:08 . 2008-02-01 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-02-01 16:59 . 2008-02-01 16:59 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 09:05 --------- d-----w C:\Documents and Settings\Mark\Application Data\Skype
    2008-02-22 18:36 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-22 18:36 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-21 20:52 --------- d-----w C:\Program Files\Euroword2004
    2008-02-17 11:44 --------- d-----w C:\Program Files\Zoom Player
    2008-02-05 17:06 --------- d-----w C:\Program Files\Trend Micro
    2008-02-01 18:30 --------- d-----w C:\Program Files\SpeedFan
    2008-02-01 15:01 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-11 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 12:59 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-05 17:51 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-01-05 10:44 --------- d-----w C:\Documents and Settings\Mark\Application Data\mIRC
    2008-01-05 10:40 --------- d-----w C:\Program Files\mIRC
    2008-01-03 17:16 --------- d-----w C:\Documents and Settings\Meri\Application Data\F-Secure
    2007-12-30 10:14 122,432 ----a-w C:\WINDOWS\system32\hfrhxmcr.dll
    2007-12-29 13:19 122,432 ----a-w C:\WINDOWS\system32\eljfvyge.dll
    2007-12-25 17:40 --------- d-----w C:\Program Files\Steam
    2007-11-11 15:53 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56 1306624]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-07 00:04 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57 684032]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-24 12:15 86016]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37 188416]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 07:49 217088]
    "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39 77824]
    "!AVG Anti-Spyware"="F:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 12:15 7311360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-11-27 18:27:17 32807]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-17 16:08:04 169472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 12:01]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-11-27 18:27]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 15:37]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 16:30]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 15:37]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-23 09:00:24 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
    "2008-02-23 09:07:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 11:08:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\NetLimiter\nl_lsp.dll
    -> C:\WINDOWS\system32\nl_msgc.dll
    .
    Completion time: 2008-02-23 11:09:27
    ComboFix-quarantined-files.txt 2008-02-23 09:09:18
    ComboFix2.txt 2008-02-22 22:33:20
    .
    2007-08-05 00:01:31 --- E O F ---
     
  11. Hujo

    Hujo Guest

    Start - Run, enter the following there and press OK

    Combofix /u

    ========

    Run VundoFix
     
  12. etplayer1

    etplayer1 Member

    -ComboFix uninstalled.

    -VundoFix didn't find anything.

    -0.7 GB more free space has appeared on the C: drive
     
  13. Hujo

    Hujo Guest

    Remove VundoFix from the computer

    ===============

    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser: click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser: click Opera at the top and choose: Select All
    Click the Empty Selected button again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)
     
  14. etplayer1

    etplayer1 Member

    -VundoFix removed

    -ATF program run on the computer
     
  15. Hujo

    Hujo Guest

    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste the list from Notepad into your post
     
  16. etplayer1

    etplayer1 Member

    Yep, here's the list:

    Ad-Aware 2007
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Athlon 64 Processor Driver
    AudibleManager
    Automaattiset valikot (Windows Live Toolbar)
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    Creative Mass Storage Drivers
    Creative MediaSource
    Creative System Information
    Creative Zen Nano Plus
    Euroword 2004 Pro
    ffdshow [rev 1357] [2007-07-17]
    F-Secure Anti-Virus Client Security - automaattinen päivitysagentti
    F-Secure Anti-Virus Client Security - Internet-suojaus
    F-Secure Anti-Virus Client Security - sähköpostitarkistus
    F-Secure Anti-Virus Client Security - Web-liikenteen tarkistus
    F-Secure Anti-Virus Client Security - virus- ja vakoilusuojaus
    Google Gmail Notifier
    GTA San Andreas
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Java DB 10.3.1.4
    Java(TM) 6 Update 4
    Java(TM) SE Development Kit 6 Update 4
    LimeWire 4.14.10
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam
    Logitech® Camera -ohjain
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIRC
    Mozilla Firefox (2.0.0.12)
    MSXML 4.0 SP2 (KB927978)
    Music Manager
    Nero 6 Ultra Edition
    NetLimiter 1.30 (remove only)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    Ohjattu henkilökohtaisten käyttöoikeuksien päivittäminen
    OneCare Advisor (Windows Live Toolbar)
    Outlook-työkalurivi (Windows Live Toolbar)
    Ponnahdusikkunoiden esto (Windows Live Toolbar)
    PowerArchiver 2004 v9.20
    PunkBuster Services
    Sanakirjan puhesynteesi
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Selaus välilehtiä käyttäen (Windows Live Toolbar)
    Skype 3.1
    SoundMAX
    SpeedFan (remove only)
    Syötteen tunnistus (Windows Live Toolbar)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbarin laajennus (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    Wolfenstein - Enemy Territory
    Xilisoft Video Converter
    Zoom Player (remove only)

     
  17. Hujo

    Hujo Guest

    Remove via Add/Remove Programs:

    LimeWire 4.14.10

    Logitech Desktop Messenger == this only brings ads, it can be removed


    In Safe Mode, delete the folder

    C:\\Program Files\\LimeWire
     
  18. etplayer1

    etplayer1 Member

    -LimeWire removed

    -Logitech Desktop Messenger removed
     
  19. Hujo

    Hujo Guest

    How is the computer now, is it still collecting?
    LimeWire was the cause of the problem, probably malware.
     
  20. etplayer1

    etplayer1 Member

    I'll watch this computer's behaviour for a few weeks and see whether it still collects those malicious programs. I had already started to suspect a bit myself that LimeWire is what collects that junk onto this computer.

    Many thanks once again to Hujo!!!
     
