Is everything OK?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:27:48, on 29.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\CTsvcCDA.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
J:\Program Files\dna Nettiturva\Common\FSMA32.EXE
J:\WINDOWS\System32\svchost.exe
J:\Program Files\dna Nettiturva\Common\FSMB32.EXE
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\PnkBstrA.exe
J:\WINDOWS\system32\slserv.exe
J:\Program Files\dna Nettiturva\Common\FCH32.EXE
J:\WINDOWS\system32\svchost.exe
J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\WINDOWS\ALCMTR.EXE
J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
J:\Program Files\dna Nettiturva\Common\FSM32.EXE
J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
J:\Program Files\PowerISO\PWRISOVM.EXE
J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\Last.fm\LastFMHelper.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\Program Files\Windows Live\Messenger\usnsvc.exe
J:\WINDOWS\system32\rundll32.exe
J:\WINDOWS\system32\rundll32.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Documents and Settings\Mauri\Omat tiedostot\Vastaanotetut tiedostot\HiJackThis_v2.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - J:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - J:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {7203DFFA-A02A-4977-BA5C-480A3F4E58BA} - J:\WINDOWS\system32\drtjbfum.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {890CFBF0-10D5-43D3-ABFD-206F7C4A2699} - J:\WINDOWS\system32\vtussqq.dll (file missing)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - J:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: {e0f2561d-ef8b-ba59-0be4-0e51174b5ade} - {eda5b471-15e0-4eb0-95ab-b8fed1652f0e} - J:\WINDOWS\system32\juloaspd.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [F-Secure Manager] "J:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "J:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [uga6pcw] "J:\PROGRA~1\COMMON~1\TRUSTE~1\uga6pcw.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [000000af] rundll32.exe "J:\WINDOWS\system32\cbwowgra.dll",b
O4 - HKLM\..\Run: [PWRISOVM.EXE] J:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BM67cd1cb9] Rundll32.exe "J:\WINDOWS\system32\feyknaiw.dll",s
O4 - HKLM\..\Run: [b0e04e95] rundll32.exe "J:\WINDOWS\system32\lejyfofe.dll",b
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] J:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] J:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = J:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://J:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://J:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://J:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://J:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - J:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: sstqr - J:\WINDOWS\system32\sstqr.dll (file missing)
O20 - Winlogon Notify: vtussqq - vtussqq.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: heterandrous - {735e980d-45d2-4777-af82-9923d3c8d3ae} - J:\WINDOWS\system32\kgkdbsk.dll (file missing)
O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - J:\WINDOWS\system32\onljweo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - J:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - J:\WINDOWS\system32\qurngdgg.exe (file missing)
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - J:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - J:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - J:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - J:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - J:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - J:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - J:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - J:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - J:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - J:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - J:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - J:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - J:\Program Files\Windows Media Player\WMPNetwk.exe

Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
Post the contents of that text file in your thread.
Note: process.exe is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
============
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it has finished, the fix will tell you that it is going to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove. In that case, VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

SmitFraudFix v2.298

Scan done at 19:40:34,10, pe 29.02.2008
Run from J:\Documents and Settings\Mauri\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\CTsvcCDA.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
J:\Program Files\dna Nettiturva\Common\FSMA32.EXE
J:\WINDOWS\System32\svchost.exe
J:\Program Files\dna Nettiturva\Common\FSMB32.EXE
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\PnkBstrA.exe
J:\WINDOWS\system32\slserv.exe
J:\Program Files\dna Nettiturva\Common\FCH32.EXE
J:\WINDOWS\system32\svchost.exe
J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\WINDOWS\ALCMTR.EXE
J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
J:\Program Files\dna Nettiturva\Common\FSM32.EXE
J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
J:\Program Files\PowerISO\PWRISOVM.EXE
J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\Last.fm\LastFMHelper.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\Program Files\Windows Live\Messenger\usnsvc.exe
J:\WINDOWS\system32\rundll32.exe
J:\WINDOWS\system32\rundll32.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
J:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» J:\

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» J:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» J:\Documents and Settings\Mauri

»»»»»»»»»»»»»»»»»»»»»»»» J:\Documents and Settings\Mauri\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» J:\DOCUME~1\Mauri\Suosikit
J:\DOCUME~1\Mauri\Suosikit\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» J:\Program Files
J:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"
[HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="J:\WINDOWS\system32\kgkdbsk.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="J:\WINDOWS\system32\kgkdbsk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"="discommodiousness"
[HKEY_CLASSES_ROOT\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="J:\WINDOWS\system32\onljweo.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="J:\WINDOWS\system32\onljweo.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Paketinajoituksen miniportti
DNS Server Search Order: 62.78.102.50
DNS Server Search Order: 62.78.102.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Print these instructions.
Restart your computer in Safe Mode and select your normal user account.
To get into Safe Mode:
shut down and start the computer
during startup, tap the F8 key repeatedly
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some computers you tap F5 instead of F8.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" to remove the desktop background and clean the infected registry keys.
The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, restart into normal Windows.
A text file will appear after the cleaning process; copy & paste the results of that report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.
Warning: Running option 2 on a computer that is NOT infected will remove your desktop background.

Here is the Safe Mode report:

SmitFraudFix v2.298

Scan done at 20:38:39,26, pe 29.02.2008
Run from J:\Documents and Settings\Mauri\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"
[HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="J:\WINDOWS\system32\kgkdbsk.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="J:\WINDOWS\system32\kgkdbsk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"="discommodiousness"
[HKEY_CLASSES_ROOT\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="J:\WINDOWS\system32\onljweo.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="J:\WINDOWS\system32\onljweo.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
J:\DOCUME~1\Mauri\Suosikit\Online Security Test.url Deleted
J:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC8FFFDF-9BFE-44EA-ADB7-FC41ABE00E68}: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.78.102.50 62.78.102.10

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:39:22, on 29.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\WINDOWS\SOUNDMAN.EXE
J:\WINDOWS\ALCWZRD.EXE
J:\WINDOWS\ALCMTR.EXE
J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
J:\Program Files\dna Nettiturva\Common\FSM32.EXE
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\Program Files\PowerISO\PWRISOVM.EXE
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
J:\WINDOWS\system32\CTsvcCDA.exe
J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
J:\Program Files\dna Nettiturva\Common\FSMA32.EXE
J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\dna Nettiturva\Common\FSMB32.EXE
J:\WINDOWS\system32\PnkBstrA.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\Last.fm\LastFMHelper.exe
J:\Program Files\dna Nettiturva\Common\FCH32.EXE
J:\WINDOWS\system32\slserv.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Program Files\Windows Live\Messenger\usnsvc.exe
J:\WINDOWS\system32\NOTEPAD.EXE
J:\Documents and Settings\Mauri\Omat tiedostot\Vastaanotetut tiedostot\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7203DFFA-A02A-4977-BA5C-480A3F4E58BA} - J:\WINDOWS\system32\drtjbfum.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e0f2561d-ef8b-ba59-0be4-0e51174b5ade} - {eda5b471-15e0-4eb0-95ab-b8fed1652f0e} - J:\WINDOWS\system32\juloaspd.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [F-Secure Manager] "J:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "J:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [uga6pcw] "J:\PROGRA~1\COMMON~1\TRUSTE~1\uga6pcw.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [000000af] rundll32.exe "J:\WINDOWS\system32\cbwowgra.dll",b
O4 - HKLM\..\Run: [PWRISOVM.EXE] J:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BM67cd1cb9] Rundll32.exe "J:\WINDOWS\system32\feyknaiw.dll",s
O4 - HKLM\..\Run: [b0e04e95] rundll32.exe "J:\WINDOWS\system32\lejyfofe.dll",b
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = J:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - J:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: sstqr - J:\WINDOWS\system32\sstqr.dll (file missing)
O20 - Winlogon Notify: vtussqq - vtussqq.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - J:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - J:\WINDOWS\system32\qurngdgg.exe (file missing)
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - J:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - J:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - J:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - J:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - J:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - J:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - J:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - J:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - J:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - J:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - J:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - J:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - J:\Program Files\Windows Media Player\WMPNetwk.exe

-- End of file - 9960 bytes

Scan with HJT, check the following entries and press Fix checked:

O2 - BHO: (no name) - {7203DFFA-A02A-4977-BA5C-480A3F4E58BA} - J:\WINDOWS\system32\drtjbfum.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e0f2561d-ef8b-ba59-0be4-0e51174b5ade} - {eda5b471-15e0-4eb0-95ab-b8fed1652f0e} - J:\WINDOWS\system32\juloaspd.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [uga6pcw] "J:\PROGRA~1\COMMON~1\TRUSTE~1\uga6pcw.exe" -start
O4 - HKLM\..\Run: [000000af] rundll32.exe "J:\WINDOWS\system32\cbwowgra.dll",b
O4 - HKLM\..\Run: [BM67cd1cb9] Rundll32.exe "J:\WINDOWS\system32\feyknaiw.dll",s
O4 - HKLM\..\Run: [b0e04e95] rundll32.exe "J:\WINDOWS\system32\lejyfofe.dll",b
O20 - Winlogon Notify: sstqr - J:\WINDOWS\system32\sstqr.dll (file missing)
O20 - Winlogon Notify: vtussqq - vtussqq.dll (file missing)

============
Post the VundoFix log.
===========

1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log to your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

========

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode: shut down and restart, tap the F8 key repeatedly during startup, select Safe Mode with the arrow keys, press Enter and Enter again, select your user account, press Yes. On some machines you tap F5 instead of F8.

• Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click the file RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
• Press any key and the computer restarts.
• Startup takes longer than usual because SDFix is cleaning the machine.
• Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
• Then press any key to close the script and load the shortcuts onto the desktop.
• Finally, open the SDFix folder (on the desktop) and copy and paste the contents of the file Report.txt into your thread, along with a new HijackThis log.
Here is the VundoFix log.

VundoFix V6.7.10 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Scan started at 19:44:43 29.2.2008 Listing files found while scanning.... J:\Program Files\PowerISO\PWRISOSH.DLL ion... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Scan started at 20:13:57 29.2.2008 Listing files found while scanning.... Beginning removal... Performing Repairs to the registry. Done!

VundoFix V6.7.10 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Scan started at 20:59:41 29.2.2008 Listing files found while scanning.... J:\WINDOWS\system32\efofyjel.ini J:\WINDOWS\system32\lejyfofe.dll J:\WINDOWS\system32\sstqr.dll Beginning removal... Attempting to delete J:\WINDOWS\system32\efofyjel.ini J:\WINDOWS\system32\efofyjel.ini Has been deleted! Attempting to delete J:\WINDOWS\system32\lejyfofe.dll J:\WINDOWS\system32\lejyfofe.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete J:\WINDOWS\system32\lejyfofe.dll J:\WINDOWS\system32\lejyfofe.dll Has been deleted! Performing Repairs to the registry. Done!
• Open HiJackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your post
Here is the SDFix report:

SDFix: Version 1.149 Run by Mauri on la 01.03.2008 at 22:26 Microsoft Windows XP [versio 5.1.2600] Running From: J:\DOCUME~1\Mauri\TYPYT~1\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 22:41:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4\DirectSound] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4\DirectSound\Device Presence] "VxD"=dword:00000001 "WDM"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4\DirectSound] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\xdc\2\xe4\DirectSound\Device Presence] "VxD"=dword:00000001 "WDM"=dword:00000001 scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="J?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 4 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "J:\\games\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="J:\\games\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII" "J:\\games\\Battlefield 2\\BF2.exe"="J:\\games\\Battlefield 2\\BF2.exe:*:Enabled:BF2" "J:\\Program Files\\uTorrent\\utorrent.exe"="J:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "J:\\Program Files\\eMule\\emule.exe"="J:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "J:\\Program Files\\Messenger\\msmsgs.exe"="J:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "J:\\Program Files\\The All-Seeing Eye\\eye.exe"="J:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! 
All-Seeing Eye" "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike\\hl.exe"="J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\condition zero\\hl.exe"="J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike source\\hl2.exe"="J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike source\\hl2.exe:*:Enabled:hl2" "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\day of defeat\\hl.exe"="J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher" "J:\\Program Files\\Vietcong MP demo\\vietcong.exe"="J:\\Program Files\\Vietcong MP demo\\vietcong.exe:*:Enabled:vietcong" "J:\\WINDOWS\\system32\\dpnsvr.exe"="J:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "J:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="J:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "J:\\Program Files\\VentSrv\\ventrilo_srv.exe"="J:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv" "C:\\Program Files\\VentriloMIX\\VentriloMIX.exe"="C:\\Program Files\\VentriloMIX\\VentriloMIX.exe:*:Enabled:VentriloMIX" "J:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="J:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="J:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "J:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="J:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="J:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Thu 19 Jul 2007 951,057 ..SH. --- "J:\WINDOWS\system32\rqtss.tmp" Thu 12 Jul 2007 0 A.SH. --- "J:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Mon 16 Oct 2006 149,830 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\kur.exe" Fri 13 Oct 2006 367,104 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\Menu.exe" Fri 13 Oct 2006 367,104 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\Menub.exe" Sat 9 Dec 2006 2,855 A..H. --- "J:\Documents and Settings\AnterMISTAJA-935159\Ty”p”yt„\Pelit\X-Files\eMule0.47c-Installer.PIF" Sun 15 Oct 2006 24,576 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\Anchor.exe" Sun 15 Oct 2006 319,630 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\bestjedi.exe" Sun 19 Dec 2004 31,232 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\cmdow.exe" Fri 13 Oct 2006 319,630 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\Credits.exe" Sun 15 Oct 2006 319,622 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\exit.exe" Sun 15 Oct 2006 319,670 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\jango.exe" Sun 15 Oct 2006 319,830 A..H. 
--- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_Turkish.exe" Sun 15 Oct 2006 319,814 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_Spanish.exe" Sun 15 Oct 2006 319,750 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\languages.exe" Sun 15 Oct 2006 319,814 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_English.exe" Sun 15 Oct 2006 319,814 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_french.exe" Sun 15 Oct 2006 319,814 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_German.exe" Sun 15 Oct 2006 319,830 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\lang_to_Portugues.exe" Sun 15 Oct 2006 32,768 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\MsgHook.dll" Sun 15 Oct 2006 319,670 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\obi.exe" Sun 15 Oct 2006 319,750 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\options.exe" Mon 22 Dec 2003 61,440 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\pv.exe" Mon 16 Oct 2006 319,670 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\setuplang.exe" Fri 13 Oct 2006 319,622 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\tips.exe" Sat 14 Oct 2006 319,630 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\trailer.exe" Fri 13 Oct 2006 319,630 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\update.exe" Sat 2 Mar 2002 32,768 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\cmds\Wait.exe" Mon 20 Dec 1999 56,832 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\src\mpeg.dll" Thu 12 Oct 2006 367,104 A..H. 
--- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\lang\Menu3.exe" Thu 12 Oct 2006 367,104 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\lang\Menu3b.exe" Thu 12 Oct 2006 367,104 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\options\Menu2.exe" Thu 12 Oct 2006 367,104 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\options\Menu2b.exe" Mon 20 Dec 1999 56,832 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\lang\src\mpeg.dll" Mon 20 Dec 1999 56,832 A..H. --- "J:\games\LucasArts\Star Wars Jedi Knight Jedi Academy\Demo\submenus\options\src\mpeg.dll" Finished!
Here is the list:
AC3Filter (remove only) Ad-Aware 2007 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 7.0 - Suomi Adobe Shockwave Player Adobe Stock Photos 1.0 AudibleManager Battlefield 1942 BS.Player FREE powered by AdVantage Call of Duty(R) 2 Counter-Strike(TM) Creative MediaSource 5 Creative MuVo V100 Creative System Information Diablo II Dragonball Z Saiyan Fate eMule eMusic - 50 Free MP3 offer EPSON Scan EPSON-tulostinohjelma ESPRX420 -pikaopas ESPRX420-ohjelmisto-opas FW MapPack IndepenceDay V2 GeoGebra Google Earth Grand Theft Auto Vice City GTA San Andreas Half-Life(R) 2 High Definition Audio Driver Package - KB888111 HijackThis 2.0.0 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683) J2SE Runtime Environment 5.0 Update 3 Java 2 Runtime Environment, SE v1.4.2_05 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Last.fm 1.4.2.59470 LastChaos LEGO Star Wars Logitech Desktop Messenger Logitech SetPoint Lumo Nettiturva Messenger Plus! 
Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 7.0 mIRC Mozilla Firefox (2.0.0.12) Nero OEM Nero Suite NeroVision Express 2 NVIDIA Drivers Opera 9.25 Pivot Stickfigure Animator Power Tab Editor 1.7 PowerISO PSP Video 9 2.25 PunkBuster for Battlefield 1942 Päivitys Windows XP:lle (KB894391) Päivitys Windows XP:lle (KB898461) Päivitys Windows XP:lle (KB900485) Päivitys Windows XP:lle (KB908531) Päivitys Windows XP:lle (KB910437) Päivitys Windows XP:lle (KB911280) Päivitys Windows XP:lle (KB916595) Päivitys Windows XP:lle (KB920872) Päivitys Windows XP:lle (KB922582) Päivitys Windows XP:lle (KB927891) Päivitys Windows XP:lle (KB930916) Päivitys Windows XP:lle (KB931836) Päivitys Windows XP:lle (KB933360) Päivitys Windows XP:lle (KB936357) Päivitys Windows XP:lle (KB938828) Päivitys Windows XP:lle (KB942763) Päivitys Windows XP:lle (KB942840) Päivitys Windows XP:lle (KB946627) Smart Link 56K Modem SpicyTools Video Converter 1.0 Star Wars Battlefront II Star Wars Jedi Knight Jedi Academy Steam(TM) Suojauspäivitys ohjelmistolle Windows XP (KB923689) Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Media Player 10:lle (KB917734) Suojauspäivitys Windows Media Player 11:lle (KB936782) Suojauspäivitys Windows Media Player 6.4:lle (KB925398) Suojauspäivitys Windows Media Playerille (KB911564) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB900725) Suojauspäivitys Windows XP:lle (KB901017) Suojauspäivitys Windows XP:lle (KB901214) Suojauspäivitys Windows XP:lle (KB902400) Suojauspäivitys Windows XP:lle 
(KB904706) Suojauspäivitys Windows XP:lle (KB905414) Suojauspäivitys Windows XP:lle (KB905749) Suojauspäivitys Windows XP:lle (KB908519) Suojauspäivitys Windows XP:lle (KB911562) Suojauspäivitys Windows XP:lle (KB911927) Suojauspäivitys Windows XP:lle (KB913580) Suojauspäivitys Windows XP:lle (KB914388) Suojauspäivitys Windows XP:lle (KB914389) Suojauspäivitys Windows XP:lle (KB917344) Suojauspäivitys Windows XP:lle (KB917422) Suojauspäivitys Windows XP:lle (KB917953) Suojauspäivitys Windows XP:lle (KB918118) Suojauspäivitys Windows XP:lle (KB918439) Suojauspäivitys Windows XP:lle (KB919007) Suojauspäivitys Windows XP:lle (KB920213) Suojauspäivitys Windows XP:lle (KB920670) Suojauspäivitys Windows XP:lle (KB920683) Suojauspäivitys Windows XP:lle (KB920685) Suojauspäivitys Windows XP:lle (KB921503) Suojauspäivitys Windows XP:lle (KB922819) Suojauspäivitys Windows XP:lle (KB923191) Suojauspäivitys Windows XP:lle (KB923414) Suojauspäivitys Windows XP:lle (KB923694) Suojauspäivitys Windows XP:lle (KB923789) Suojauspäivitys Windows XP:lle (KB923980) Suojauspäivitys Windows XP:lle (KB924191) Suojauspäivitys Windows XP:lle (KB924270) Suojauspäivitys Windows XP:lle (KB924496) Suojauspäivitys Windows XP:lle (KB924667) Suojauspäivitys Windows XP:lle (KB925902) Suojauspäivitys Windows XP:lle (KB926255) Suojauspäivitys Windows XP:lle (KB926436) Suojauspäivitys Windows XP:lle (KB927779) Suojauspäivitys Windows XP:lle (KB927802) Suojauspäivitys Windows XP:lle (KB928090) Suojauspäivitys Windows XP:lle (KB928255) Suojauspäivitys Windows XP:lle (KB928843) Suojauspäivitys Windows XP:lle (KB929123) Suojauspäivitys Windows XP:lle (KB929969) Suojauspäivitys Windows XP:lle (KB930178) Suojauspäivitys Windows XP:lle (KB931261) Suojauspäivitys Windows XP:lle (KB931768) Suojauspäivitys Windows XP:lle (KB931784) Suojauspäivitys Windows XP:lle (KB932168) Suojauspäivitys Windows XP:lle (KB933566) Suojauspäivitys Windows XP:lle (KB933729) Suojauspäivitys Windows XP:lle (KB935839) 
Suojauspäivitys Windows XP:lle (KB935840) Suojauspäivitys Windows XP:lle (KB936021) Suojauspäivitys Windows XP:lle (KB937143) Suojauspäivitys Windows XP:lle (KB938127) Suojauspäivitys Windows XP:lle (KB938829) Suojauspäivitys Windows XP:lle (KB939653) Suojauspäivitys Windows XP:lle (KB941202) Suojauspäivitys Windows XP:lle (KB941568) Suojauspäivitys Windows XP:lle (KB941644) Suojauspäivitys Windows XP:lle (KB942615) Suojauspäivitys Windows XP:lle (KB943055) Suojauspäivitys Windows XP:lle (KB943460) Suojauspäivitys Windows XP:lle (KB943485) Suojauspäivitys Windows XP:lle (KB944533) Suojauspäivitys Windows XP:lle (KB944653) Suojauspäivitys Windows XP:lle (KB946026) TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 TI Connect 1.6 Tzar Tzar: The Burden of the Crown Demo Ventrilo Client Ventrilo Server VentriloMIX Vietcong Multiplayer demo Winamp Windows Installer 3.1 (KB893803) Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Liven kirjautumisavustaja Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10:n Hotfix-korjauspäivitys KB895316 Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884020 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885523 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885894 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB886677 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver
Uninstall these through Add/Remove Programs:
* J2SE Runtime Environment 5.0 Update 3
* Java 2 Runtime Environment, SE v1.4.2_05
* Java(TM) 6 Update 2
* Java(TM) SE Runtime Environment 6 Update 1
* Logitech Desktop Messenger
Grab this one.
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
=========
Post the ComboFix log, and scan a new HJT log last.
HJT log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23:38:34, on 1.3.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: J:\WINDOWS\System32\smss.exe J:\WINDOWS\system32\winlogon.exe J:\WINDOWS\system32\services.exe J:\WINDOWS\system32\lsass.exe J:\WINDOWS\system32\svchost.exe J:\WINDOWS\System32\svchost.exe J:\WINDOWS\system32\spoolsv.exe J:\WINDOWS\Explorer.EXE J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe J:\WINDOWS\system32\CTsvcCDA.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe J:\Program Files\dna Nettiturva\Common\FSMA32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE J:\WINDOWS\System32\svchost.exe J:\Program Files\dna Nettiturva\Common\FSMB32.EXE J:\WINDOWS\system32\nvsvc32.exe J:\WINDOWS\system32\PnkBstrA.exe J:\WINDOWS\system32\slserv.exe J:\WINDOWS\system32\svchost.exe J:\Program Files\dna Nettiturva\Common\FCH32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe J:\WINDOWS\SOUNDMAN.EXE J:\WINDOWS\ALCWZRD.EXE J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE J:\Program Files\dna Nettiturva\Common\FSM32.EXE J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe J:\Program Files\PowerISO\PWRISOVM.EXE J:\Program Files\Windows Live\Messenger\msnmsgr.exe J:\WINDOWS\system32\wuauclt.exe J:\Program Files\Logitech\SetPoint\SetPoint.exe J:\Program Files\Last.fm\LastFMHelper.exe J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE J:\Program Files\Mozilla Firefox\firefox.exe J:\Program Files\Windows Live\Messenger\usnsvc.exe J:\Program Files\Winamp\winamp.exe J:\Program Files\Last.fm\LastFM.exe 
J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe J:\Documents and Settings\Mauri\Omat tiedostot\Vastaanotetut tiedostot\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [F-Secure Manager] "J:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "J:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: 
[PWRISOVM.EXE] J:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Last.fm Helper.lnk = J:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - 
http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - J:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - J:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - J:\WINDOWS\System32\dmadmin.exe O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - J:\WINDOWS\system32\services.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - J:\Program Files\dna Nettiturva\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - J:\WINDOWS\system32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - J:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - J:\WINDOWS\system32\services.exe O23 - Service: 
PnkBstrA - Unknown owner - J:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - J:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - J:\WINDOWS\System32\SCardSvr.exe O23 - Service: SmartLinkService (SLService) - - J:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - J:\WINDOWS\system32\smlogsvc.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - J:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - J:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - J:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 8902 bytes
ComboFix log:
ComboFix 08-03-01 - Mauri 2008-02-29 21:58:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.552 [GMT 2:00] Running from: J:\Documents and Settings\Mauri\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
J:\UGA6P J:\WINDOWS\cookies.ini J:\WINDOWS\Fonts\acrsecB.fon J:\WINDOWS\Fonts\acrsecI.fon J:\WINDOWS\smdat32a.sys J:\WINDOWS\smdat32m.sys J:\WINDOWS\system32\aqjebych.ini J:\WINDOWS\system32\bbjauaek.ini J:\WINDOWS\system32\bgwgrwvy.dll J:\WINDOWS\system32\caanxgin.ini J:\WINDOWS\system32\cigxpyvs.ini J:\WINDOWS\system32\ekoovqvw.ini J:\WINDOWS\system32\fdbswveu.ini J:\WINDOWS\system32\fgrwagof.ini J:\WINDOWS\system32\fhfhuelv.ini J:\WINDOWS\system32\figsxypo.ini J:\WINDOWS\system32\fpsaontb.ini J:\WINDOWS\system32\gabbwnxt.ini J:\WINDOWS\system32\gacdbwfa.ini J:\WINDOWS\system32\gewwetbd.ini J:\WINDOWS\system32\gycqckff.ini J:\WINDOWS\system32\hiriobtc.ini J:\WINDOWS\system32\hwwgypix.ini J:\WINDOWS\system32\iculoglf.dll J:\WINDOWS\system32\ilgwswbu.ini J:\WINDOWS\system32\inglyxgs.dll J:\WINDOWS\system32\jdxairkg.ini J:\WINDOWS\system32\jokiyjdm.ini J:\WINDOWS\system32\lgjihhbj.ini J:\WINDOWS\system32\mbpnlyma.ini J:\WINDOWS\system32\mbxygvxr.ini J:\WINDOWS\system32\mcrh.tmp J:\WINDOWS\system32\mppjmlxy.ini J:\WINDOWS\system32\nqcktfyg.ini J:\WINDOWS\system32\nxryjrbw.ini J:\WINDOWS\system32\ofurctkj.ini J:\WINDOWS\system32\pigbiaaq.ini J:\WINDOWS\system32\pypwsujt.ini J:\WINDOWS\system32\qkextolu.ini J:\WINDOWS\system32\rcsncbkv.ini J:\WINDOWS\system32\rsudmghv.ini J:\WINDOWS\system32\sptyrrlx.ini J:\WINDOWS\system32\subossvb.ini J:\WINDOWS\system32\upgrvrcx.ini J:\WINDOWS\system32\urrexhmi.dll J:\WINDOWS\system32\usufkbrc.ini J:\WINDOWS\system32\usxdetlp.ini J:\WINDOWS\system32\vlgqwusd.ini J:\WINDOWS\system32\wmfmlphx.ini J:\WINDOWS\system32\vmsdgwbb.ini J:\WINDOWS\system32\wqejuuei.ini J:\WINDOWS\system32\vsamprqb.ini J:\WINDOWS\system32\wtaigcrp.ini J:\WINDOWS\system32\vxyykfrk.ini J:\WINDOWS\system32\vymcqpdm.ini J:\WINDOWS\system32\xbtgkxgw.ini J:\WINDOWS\system32\xiggspfw.ini J:\WINDOWS\system32\xpptrlag.ini J:\WINDOWS\system32\ylliimlu.ini J:\WINDOWS\system32\yubosyiw.ini J:\WINDOWS\system32\yvhtmeds.ini . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-01 to 2008-03-01 ))))))))))))))))) . 2008-02-29 19:44 . 2008-02-29 21:32 <KANSIO> d-------- J:\VundoFix Backups 2008-02-29 19:40 . 2008-02-29 20:38 2,828 --a------ J:\WINDOWS\system32\tmp.reg 2008-02-29 19:39 . 2007-09-05 23:22 289,144 --a------ J:\WINDOWS\system32\VCCLSID.exe 2008-02-29 19:39 . 2006-04-27 16:49 288,417 --a------ J:\WINDOWS\system32\SrchSTS.exe 2008-02-29 19:39 . 2008-02-28 11:37 86,016 --a------ J:\WINDOWS\system32\VACFix.exe 2008-02-29 19:39 . 2008-02-08 10:37 82,432 --a------ J:\WINDOWS\system32\IEDFix.exe 2008-02-29 19:39 . 2003-06-05 20:13 53,248 --a------ J:\WINDOWS\system32\Process.exe 2008-02-29 19:39 . 2004-07-31 17:50 51,200 --a------ J:\WINDOWS\system32\dumphive.exe 2008-02-29 19:39 . 2007-10-03 23:36 25,600 --a------ J:\WINDOWS\system32\WS2Fix.exe 2008-02-28 17:46 . 2007-07-30 19:19 271,224 --a------ J:\WINDOWS\system32\mucltui.dll 2008-02-28 17:46 . 2007-07-30 19:19 207,736 --a------ J:\WINDOWS\system32\muweb.dll 2008-02-28 17:46 . 2007-07-30 19:18 30,072 --a------ J:\WINDOWS\system32\mucltui.dll.mui 2008-02-27 18:43 . 2008-02-27 18:43 <KANSIO> d--hsc--- J:\Program Files\Common Files\WindowsLiveInstaller 2008-02-27 18:41 . 2008-02-27 18:41 <KANSIO> d-------- J:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-26 16:31 . 2008-02-29 20:09 99,435 --a------ J:\WINDOWS\BM67cd1cb9.xml 2008-02-26 16:31 . 2008-02-29 18:42 22 --a------ J:\WINDOWS\pskt.ini 2008-02-23 21:03 . 2008-02-23 21:03 1,553,686 ---hs---- J:\WINDOWS\system32\ynjreadb.ini 2008-02-22 20:58 . 2008-02-23 20:59 1,556,064 ---hs---- J:\WINDOWS\system32\gkvoqbnm.ini 2008-02-21 20:12 . 2008-02-22 20:58 1,566,869 ---hs---- J:\WINDOWS\system32\nsueujie.ini 2008-02-20 18:49 . 
2008-02-21 20:11 1,321,541 ---hs---- J:\WINDOWS\system32\ewuwioyx.ini 2008-02-11 20:02 . 2008-02-16 14:48 <KANSIO> d-------- J:\Program Files\Guitar Pro 5 2008-02-09 22:12 . 2008-02-09 22:12 <KANSIO> d-------- J:\Program Files\SpicyTools 2008-02-09 22:11 . 2008-02-09 22:12 <KANSIO> d-------- J:\Program Files\SpicyTools Video Converter 1.0 2008-02-04 10:35 . 1998-10-29 16:45 306,688 --a------ J:\WINDOWS\IsUninst.exe . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-29 18:21 --------- d-----w J:\Program Files\BitComet 2008-02-29 18:19 --------- d-----w J:\Program Files\PowerISO 2008-02-29 16:51 --------- d-----w J:\Program Files\AdVantage 2008-02-27 19:47 --------- d--h--w J:\Program Files\InstallShield Installation Information 2008-02-27 19:45 --------- d-----w J:\Program Files\Illusion Softworks 2008-02-27 16:47 --------- d-----w J:\Program Files\MSN Messenger 2008-02-27 16:42 --------- d-----w J:\Program Files\Windows Live 2008-02-26 14:37 --------- d-----w J:\Documents and Settings\Mauri\Application Data\uTorrent 2008-02-26 14:37 --------- d-----w J:\Documents and Settings\Mauri\Application Data\mIRC 2008-02-26 14:12 --------- d-----w J:\Program Files\mIRC 2008-02-17 15:07 --------- d-----w J:\Documents and Settings\AnterMISTAJA-935159\Application Data\uTorrent 2008-02-16 14:47 22,328 ----a-w J:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-13 15:18 --------- d-----w J:\Program Files\dna Nettiturva 2008-02-13 15:12 30,016 ----a-w J:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-01 16:42 --------- d-----w J:\Program Files\Pivot Stickfigure Animator 2008-01-29 12:06 --------- d-----w J:\Program Files\Red Kawa 2008-01-27 12:08 --------- d-----w J:\Documents and Settings\All Users\Application Data\Last.fm 2008-01-27 12:03 --------- d-----w J:\Program Files\Last.fm 2008-01-26 19:20 --------- d-----w J:\Program Files\uTorrent 2008-01-26 19:09 --------- d-----w J:\Program Files\Windows Live Safety 
Center 2008-01-14 17:24 --------- d--h--w J:\Program Files\Zero G Registry 2008-01-14 17:24 --------- d-----w J:\Program Files\GeoGebra 2008-01-13 15:48 --------- d-----w J:\Program Files\Opera 2008-01-12 13:53 --------- d-----w J:\Program Files\Winamp 2008-01-11 18:51 --------- d-----w J:\Program Files\AC3Filter 2008-01-08 14:26 --------- d-----w J:\Documents and Settings\Janne\Application Data\uTorrent 2007-07-08 13:03 15,984,155 ----a-w J:\Program Files\ad-aware_v7.0.1.5.zip 2007-06-01 10:49 1,557,352 ------w J:\Program Files\Paint.NET 3.08 - BetaNews.exe 2007-05-18 06:38 3,858,985 ----a-w J:\Program Files\eMule0.48a-Installer.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="J:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "LDM"="J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-04 18:47 67128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio -ominaisuussivun pikakuvake"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 J:\WINDOWS\system32\Hdaudpropshortcut.exe] "SunJavaUpdateSched"="J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SoundMan"="SOUNDMAN.EXE" [2004-11-02 15:53 77824 J:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 15:00 2748928 J:\WINDOWS\ALCWZRD.EXE] "NvCplDaemon"="J:\WINDOWS\system32\NvCpl.dll" [2004-09-20 15:09 4583424] "nwiz"="nwiz.exe" [2004-09-20 15:09 921600 J:\WINDOWS\system32\nwiz.exe] "NeroFilterCheck"="J:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "EPSON Stylus Photo RX420 Series"="J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 05:00 98304] "F-Secure Manager"="J:\Program Files\dna Nettiturva\Common\FSM32.exe" [2007-04-26 19:12 183208] 
"F-Secure TNB"="J:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208] "News Service"="J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 14:45 356352] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 49152 J:\WINDOWS\KHALMNPR.Exe] "QuickTime Task"="J:\Program Files\QuickTime\qttask.exe" [2007-09-08 16:17 286720] "PWRISOVM.EXE"="J:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="J:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "J:\\games\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"= "J:\\games\\Battlefield 2\\BF2.exe"= "J:\\Program Files\\uTorrent\\utorrent.exe"= "J:\\Program Files\\eMule\\emule.exe"= "J:\\Program Files\\Messenger\\msmsgs.exe"= "J:\\Program Files\\The All-Seeing Eye\\eye.exe"= "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike\\hl.exe"= "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\condition zero\\hl.exe"= "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\counter-strike source\\hl2.exe"= "J:\\games\\Valve\\Steam\\SteamApps\\an_tero\\day of defeat\\hl.exe"= "J:\\Program Files\\Vietcong MP demo\\vietcong.exe"= "J:\\WINDOWS\\system32\\dpnsvr.exe"= "J:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "J:\\Program Files\\VentSrv\\ventrilo_srv.exe"= "C:\\Program Files\\VentriloMIX\\VentriloMIX.exe"= "J:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCPxpsp2res.dll,-22009 "26575:TCP"= 26575:TCP:BitComet 26575 TCP "26575:UDP"= 26575:UDP:BitComet 26575 UDP R0 FSFW;F-Secure Firewall Driver;J:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 19:09] R1 F-Secure HIPS;F-Secure HIPS;J:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-02-13 17:11] R2 nvcap;nVidia WDM Video Capture (universal);J:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 08:59] R2 NVXBAR;nVidia WDM A/V Crossbar;J:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 08:59] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;J:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07] S4 F-Secure Filter;F-Secure File System Filter;J:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;J:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08] . 'Ajoitetut tehtävät'-kansion sisältö "2008-03-01 20:01:20 J:\WINDOWS\Tasks\Scheduled scanning task.job" - J:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=J:\PROGRA~1\DNANET~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 22:05:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: J:\WINDOWS\explorer.exe [6.00.2900.3156] -> J:\Program Files\Logitech\SetPoint\GameHook.dll . ------------------------ Other Running Processes ------------------------ . 
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe J:\WINDOWS\system32\CTsvcCDA.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe J:\Program Files\dna Nettiturva\Common\FSMA32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE J:\Program Files\dna Nettiturva\Common\FSMB32.EXE J:\WINDOWS\system32\nvsvc32.exe J:\WINDOWS\system32\PnkBstrA.exe J:\Program Files\dna Nettiturva\Common\FCH32.EXE J:\Program Files\Windows Media Player\WMPNetwk.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe J:\Program Files\Logitech\SetPoint\SetPoint.exe J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe J:\Program Files\Last.fm\LastFMHelper.exe J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe . ************************************************************************** . Completion time: 2008-03-01 22:10:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-01 20:10:15 . 2008-02-13 14:00:01 --- E O F ---
Remove that version, Trend Micro HijackThis v2.0.0 (BETA), and get the new version. Download HJTInstall.exe from HERE.
* Save HJTInstall.exe to your desktop.
* Double-click the HJTInstall.exe icon on your desktop.
* By default it installs itself into the directory C:\Program Files\Trend Micro\HijackThis.
* Click Install.
* The installer creates a HijackThis icon on the desktop.
* When the installation is complete, it launches HijackThis.
* Click the Do a system scan and save a logfile button. The program starts scanning and the log should open in Notepad.
* First click "Edit > Select All", then "Edit > Copy", to copy the entire contents of the log.
* Paste the log contents into your next reply.
* Do NOT use the Analyse This button; its findings are dangerous when misunderstood.
* Do NOT fix anything with HijackThis yet. Most of its findings are either harmless or even necessary.
============
Renaming
1. Right-click the HijackThis icon.
2. Select Rename.
3. Type scanner.exe
Here it is.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:19:51, on 2.3.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: J:\WINDOWS\System32\smss.exe J:\WINDOWS\system32\winlogon.exe J:\WINDOWS\system32\services.exe J:\WINDOWS\system32\lsass.exe J:\WINDOWS\system32\svchost.exe J:\WINDOWS\System32\svchost.exe J:\WINDOWS\system32\spoolsv.exe J:\WINDOWS\Explorer.EXE J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe J:\WINDOWS\system32\CTsvcCDA.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe J:\Program Files\dna Nettiturva\Common\FSMA32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE J:\WINDOWS\System32\svchost.exe J:\Program Files\dna Nettiturva\Common\FSMB32.EXE J:\WINDOWS\system32\nvsvc32.exe J:\WINDOWS\system32\PnkBstrA.exe J:\WINDOWS\system32\slserv.exe J:\WINDOWS\system32\svchost.exe J:\Program Files\dna Nettiturva\Common\FCH32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe J:\Program Files\dna Nettiturva\Common\FAMEH32.EXE J:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe J:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe J:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe J:\WINDOWS\SOUNDMAN.EXE J:\WINDOWS\ALCWZRD.EXE J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE J:\Program Files\dna Nettiturva\Common\FSM32.EXE J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe J:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe J:\Program Files\PowerISO\PWRISOVM.EXE J:\Program Files\Windows Live\Messenger\msnmsgr.exe J:\WINDOWS\system32\wuauclt.exe J:\Program Files\Logitech\SetPoint\SetPoint.exe J:\Program Files\Last.fm\LastFMHelper.exe J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE J:\Program Files\Windows Live\Messenger\usnsvc.exe J:\Program Files\Last.fm\LastFM.exe J:\Program 
Files\Java\jre1.6.0_03\bin\jusched.exe J:\Program Files\Mozilla Firefox\firefox.exe J:\WINDOWS\system32\NOTEPAD.EXE J:\WINDOWS\system32\NOTEPAD.EXE J:\Program Files\Trend Micro\HijackThis\scanner.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] J:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [F-Secure Manager] "J:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "J:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "J:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] 
"J:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] J:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Last.fm Helper.lnk = J:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - J:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - J:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - J:\Program Files\dna Nettiturva\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - J:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SmartLinkService (SLService) - - J:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 7489 bytes
Yeah, now the internet works flawlessly, no ad windows pop up and every page loads fine. The computer doesn't "freeze" as much as before either. Thanks for the help!