Kone jumittaa ja paljon

Mitenhä tälläsiä vikoja sais korjattuu koneesta:
Troijalaisia on kymmeniä (Ei voi poistaa)
Kone jumashtaa äly herkästi eikä auta muu kuin RESET:in painaminen
Kone on älyttömän hidas

Epäilen että viirukset täyttää puolet 39Gt C: asemasta, koska olen poistanut paljon ohjelmia ja tuntuu kuin asemasta ei olisi poistunut mitään.

ja D: asemakin on lähes täynnä varmaan neljäs osa viiruksien täyttämää.
Kannattaisiko kone formatoida? Jos kyllä, niin kuinka saisin talteen esim. kuvat ja pelien talletukset.
Kaiken muun vois poistaa ja asentaa uudelleen koko XP:n
Mutta kuinka 2 aseman formatointi tapahtuu? Ja XP:n uudelleen asennus?

 

ei konettasi välttämättä tartte formatoida haeppa hijackthis ohjelma ja asenna se C:\hjt

tutki kone ja lähetä logi tänne.

niin katotaan mitä koneesi sisältää.

p.s jos koneesi tarttisi formatoida niin tallennat tarvitsemasi tiedostot ihan vaan cd-levylle.

 

Ja kannattaa varmaan ajaa ihan myös perus AdAware, spybot ym. skannaukset.
Ja jos polttavaa cd-asemaa ei löydy niin kuvat ja peli-tallennukset mahtuvat varmaan korpuille/usb- muistitikulle.

 

aja myös http://koti.mbnet.fi/pattaya1/escanmwav.htm ohjeet on Suomeksi. http://www.windowsecurity.com/trojanscan/ tuo on kanssa kokeelemisen arvoinen. http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm ja toi pandan online scanneri. Aja ensin toi panda ja trojanscan läpi ja sit toi escan. Kannattaa noitten jälkeen pistää tänne hjt logi.

 

Helpoimmalla ja varmimmalla tavalla pääset ongelmasta kun formatoit ja asennat XP:n uudelleen.Käynnistä kone XP:n asennuslevyllä niin se kyselee alussa mitä haluat tehdä. Valitse tuo formatointi/alustus vaihtoehto.Tuon kovon jossa ei ole XP:tä voit formatoida jo ennen XP:n uudelleen asennusta. Mene aseman kohdalle ja paina hiiren oikeaa korvaa ja valitse valikosta format/alustus.

 

Latasin tämän HijackThis:in ja tulos oli:

Logfile of HijackThis v1.99.1
Scan saved at 13:50:07, on 11.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
D:\MsgPlus.exe
D:\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
D:\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\dna Nettiturva\backweb\4653381\Program\dna Nettiturva.exe
D:\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\connmngmntbox.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
D:\Opera.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qlixhdmcqwjiwtjl.net/cLH...A7ythLvhZSjiF4129d5/RZMXo8aLRVmrJs9EgWX5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe"
O4 - HKLM\..\Run: [Itch Cake Show Bin] C:\Documents and Settings\All Users\Application Data\Eq bolt itch cake\up cdrom.exe
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [test byte] C:\DOCUME~1\Tane\APPLIC~1\AXISRE~1\pure extra frag.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Taskmgr] C:\WINDOWS\system32\taskmge.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\dna Nettiturva.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\dna Nettiturva\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Office10\EXCEL.EXE/3000
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.altavista.fi
O15 - Trusted Zone: www.dna.fi
O15 - Trusted Zone: www.gangstawar.com
O15 - Trusted Zone: www.kiekko.tk
O15 - Trusted Zone: www.mtv3.fi
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096449469078
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E17673F7-0129-4707-AC4C-1B3828132777} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dna Nettiturva (BackWeb Client - 4653381) - BackWeb Technologies Inc. - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)

 

Poista Lisää/Poista sovelluksesta
New.net tai NewDotNet
MessengerPlus3
ClockSync

Merkkaa nuo HjT:ssä, sulje selain ja muut ikkunat, klikkaa FIX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qlixhdmcqwjiwtjl.net/cLH...A7ythLvhZSjiF4129d5/RZMXo8aLRVmrJs9EgWX5.html
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe"
O4 - HKLM\..\Run: [Itch Cake Show Bin] C:\Documents and Settings\All Users\Application Data\Eq bolt itch cake\up cdrom.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [test byte] C:\DOCUME~1\Tane\APPLIC~1\AXISRE~1\pure extra frag.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Taskmgr] C:\WINDOWS\system32\taskmge.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net (näita tuskin enää näkyy)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
Ja vielä kaikki 018 rivit

Käynnistä vikasietotilaan ja poista nuo
C:\PROGRAMFILES\===>NEWDOTNET<===
D:\\===>MsgPlus.exe<===(MITEN TÄÄ ON OIKEIN ASENNETTU?? EI MISSÄÄN KANSIOSSA??)
C:\Documents and Settings\All Users\Application Data\===>Eq bolt itch cake<===
C:\PROGRA~1\COMMON~1\===>tsa<===
C:\Program Files\===>ClockSync<===
C:\DOCUME~1\Tane\APPLIC~1\===>AXISRE~1<===
C:\Program Files\Common Files\===>GMT<===

Normaali käynnistys, laita uusi loki.

Mahtaako tuolle GoogleToolbarille olla enää käyttöä kun IE:ssä on oma ja vielä
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\dna Nettiturva\Anti-Spyware\blockpopups.htm
Niinja onko se myös Operassakin?

 

kaikkii ei voinu poistaa (n. 3-6) mutta muut poisti kyllä.
vieläkin C. asema on ihan täynnä, jostuu varmasti ohjelmista joita oon asentanut.

 

Laita uusi logi. Liitä mukaan lista asennetuista ohjelmista.
Avaa hjt. Klikkaa Open the misc tools section -> Open uninstall manager -> Save list. Tallena Uninstall_list.txt ja sen sitten liität logiin.

 

ATI Control Panel
ATI Display Driver
ATI HydraVision
ATI-ohjelmiston poisto-ohjelma
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
D:
DFX for Windows Media Player
dna Nettiturva
eMule Plus 1.1e
HijackThis 1.99.1
InstaFinderK
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Little Fighter 2 v1.9
Macromedia Shockwave Player
Max Payne 2
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office XP Standard
Microsoft Windows Journal Viewer
Microsoft Windows XP -käyttöjärjestelmän ohjatun CD-levylle tallentamisen HighMAT-laajennus
MSN Messenger 7.0
MSN Työkalupalkki
Napster
Napster Burn Engine
Need2Find Bar
Nero - Burning Rom
Nokia PC Connectivity SDK 3.0
PC Suite N-Gage QD -puhelimelle
PhotoImpression
PowerDVD
Päivitys Windows XP:lle (KB898461)
Realtek AC'97 Audio
Screensavers Installer
Shockwave
Shopper Reports
Suojauspäivitys Windows XP:lle (KB883939)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896422)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB903235)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WOW XT Plug-In for Windows Media Player (Trial)

 

Miksi tapella noiden viruksien kanssa? Itse asentaisin kaikki uusiksi ja ottaisin opikseni, F-securesta virustorjunta korkeimmalle tasolle jatkossa. Palomuuri normaaliin tilaan. Jos pystyt tallentamaan sellaiset tiedostot jotka on ainutkertaisia niin hyvä. Muut saa uudelleen netistä.

 

Poista nuo

InstaFinderK
Messenger Plus! 3 <<<???
Need2Find Bar
Screensavers Installer
Shopper Reports


On näköjään jäänyt edellisestä ohjeesta pois, eli poista tuo mutta ole tarkkana ETTET poista Taskmgr.exeä
C:\WINDOWS\system32\===>taskmge.exe<===


V-kos jatka sinä, minä lähden mokille

 

Juu-u. päätin alustaa D: ja C: aseman koska koko kone on muutenkii ihan täynna kaikkia ohjelmia. Voiko D: aseman alustaa kun painaa sitä ja valitsee "alusta"? Mutta kuinka C: asema alustetaan?

 

Eiköhan se alustu kun asennat windowsin uudestaan? ...ainakin Xp:n asennuksen alussa tapahtuu alustus, joko pikana tai perusteellinen.

 

Lainattu tuolta nimimerkki Turskan ohjeista: http://keskustelu.afterdawn.com/thread_view.cfm/205708

 

Miksi pitää edes virustorjuntaa kun ainahan voi formatoida. F-secure korkeimmalla tasolla hidastaa konetta aika mukavasti.

 

Nyt on kone formatoitu ja hyvin toimii! latasin ensimmäiseksi Zonealaramin, microsoft antiSpyvare ja Antivir- virus ohjelman. Pitäisikö koneen toimia näillä ihan hyvin?

 

[bold] Päivitä Windows. [/bold]

Asenna vielä SpywareBlaster.
http://www.javacoolsoftware.com/spywareblaster.html

Päivitä se ja klikkaa enable all protection. Kannattaa sitten tuo SpywareBlaster päivittää aina vaikka parin viikon välein, niin pysyy kone puhtaana.

Käytä selaimena Firefoxia.

Noilla pitäis pysyä kone suht puhtaana.

 

firefox? siinähän oli paljastunut tietoturva aukko?

 

Ääh. Oli ja oli, vaan ei ole enään. Montakohan aukkoa siitä IE:stä on löytynyt? Kymmenistä puhutaan, eikä se ole vieläkään mikään aukoton. IE:n suurin ongelma on juuri sitä vastaan suunnitellut virukset, ja niitä on paljon. Asenna vaan se Firefox.

http://fin.dawnload.net/verkko_ohjelmat/selaimet/firefox.cfm