What is Delf.DSX?

Discussion in 'Viruses and malware' started by nettaaja, Jul 10, 2008.

  1. nettaaja

    nettaaja Guest

    I tried to remove the item below with the Eset Nod32 antivirus program. Here is the message from the attempt:

    C:\Windows\System32\ndt2.sys - a variant of Win32/TrojanDownloader.Delf.DSX trojan - error while deleting (Access denied)

    What does it mean?
     
  2. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    It's probably a rootkit, so let's try to remove it.

    Download Blacklight and save it to your desktop;

    Double-click fsbl.exe, accept the agreement, click > Scan, then > Next

    You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).

    Copy and paste this log into your next reply. Do not select the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".
     
  3. nettaaja

    nettaaja Guest

    This is what came out:

    07/10/08 15:58:12 [Info]: BlackLight Engine 1.0.70 initialized
    07/10/08 15:58:12 [Info]: OS: 6.0 build 6001 (Service Pack 1)
    07/10/08 15:58:12 [Note]: 7019 4
    07/10/08 15:58:12 [Note]: 7005 0
    07/10/08 15:58:21 [Note]: 7006 0
    07/10/08 15:58:21 [Note]: 7027 0
    07/10/08 15:58:21 [Note]: 7035 0
    07/10/08 15:58:21 [Note]: 7026 0
    07/10/08 15:58:21 [Note]: 7026 0
    07/10/08 15:58:23 [Note]: FSRAW library version 1.7.1024
    07/10/08 15:59:00 [Note]: 4015 4121
    07/10/08 15:59:00 [Note]: 4027 4121 1769472
    07/10/08 15:59:00 [Note]: 4020 3987 2686976
    07/10/08 15:59:00 [Note]: 4022 3987
    07/10/08 15:59:32 [Note]: 4015 31541
    07/10/08 15:59:32 [Note]: 4027 31541 589824
    07/10/08 15:59:32 [Note]: 4020 29995 163184640
    07/10/08 15:59:32 [Note]: 4018 29995 163184640
    07/10/08 16:05:04 [Note]: 7007 0
     
  4. yaht

    yaht Regular member

    It didn't find anything, but let's continue.


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Päivitä Malwarebytes' Anti-Malware (Update Malwarebytes' Anti-Malware) and Käynnistä Malwarebytes' Anti-Malware (Launch Malwarebytes' Anti-Malware), and then click Lopeta (Finish).
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Suorita täysi tarkistus (Perform full scan) and click Tarkista (Scan).
    * When the scan is finished, click OK and then Näytä tulokset (Show results) to see the results.
    * Make sure everything is checked and click Poista valitut (Remove selected).
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message + a new hjt log.
     
  5. nettaaja

    nettaaja Guest

    Here's the first one:

    Malwarebytes' Anti-Malware 1.20
    Tietokantaversio: 938
    Windows 6.0.6001 Service Pack 1

    16:13:52 11.7.2008
    mbam-log-7-11-2008 (16-13-52).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 133046
    Kulunut aika: 26 minute(s), 42 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 3

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\ndt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


    Here's the second one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:24, on 11.7.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ks/20080101.shtml
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S61CE.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs:
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    --
    End of file - 6612 bytes
     
  6. yaht

    yaht Regular member

    Looks good; let's still scan with F-Secure's online scanner.

    Check your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna (Install)
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option" select Scan whole system
    o Under "Other Scan Option" select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
     
  7. nettaaja

    nettaaja Guest

    Scanning Report
    Friday, July 11, 2008 18:39:54 - 21:55:21
    Computer name: KOTI-PC
    Scanning type: Scan system for malware, rootkits
    Target: C:\


    --------------------------------------------------------------------------------

    Result: 1 malware found
    Tracking Cookie (spyware)
    System

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 422002
    System: 3800
    Not scanned: 595
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    None: 1
    Submitted: 0
    Files not scanned:
     
  8. yaht

    yaht Regular member

    Looks clean :D
    But let's still scan with the Kaspersky online scanner.

    Scan your computer with the Kaspersky Online Scanner

    * Read through the requirements and the privacy terms and click Accept.
    * The scanner and the virus database start downloading. You will be asked whether you allow the program from Kaspersky to be installed. Click Aja/Run.
    * When the download is complete, click Settings.
    * Make sure the following items are selected. If they are not, select them and click Save:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    * Click Oma Tietokone / My Computer below the Scan item.
    * When the scan is finished, the results are shown. Click View Scan Report.
    * You will see a list of infected items. Click Save Report As....
    * Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.
    * Copy and paste the contents of the file into your next reply along with a new HijackThis log
     
  9. nettaaja

    nettaaja Guest

    It won't let this computer onto the Kaspersky online scanner or Kaspersky's home page. Could the firewall be blocking it?
     
  10. yaht

    yaht Regular member

    Hmm.. it may be that it's blocking it; try turning the firewall off and then going to the Kaspersky site.
     
  11. nettaaja

    nettaaja Guest

    I downloaded the Kaspersky Anti-virus 7.0 trial version, updated the database and scanned, taking your instructions into account.
    I took the following from the Events tab:

    12.7.2008 15:15:52 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 15:15:52 Database is out of date, leaving your computer at risk of infection. Please update your database.
    12.7.2008 15:15:52 Protection of your computer is enabled.
    12.7.2008 15:20:44 Database is out of date, leaving your computer at risk of infection. Please update your database.
    12.7.2008 15:27:08 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 15:33:16 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 15:33:16 Database is out of date, leaving your computer at risk of infection. Please update your database.
    12.7.2008 15:33:16 Protection of your computer is enabled.
    12.7.2008 15:35:54 Please restart your computer to complete the installation of new or updated protection components.
    12.7.2008 15:35:58 Please restart your computer to complete the installation of new or updated protection components.
    12.7.2008 15:35:58 Update completed successfully
    12.7.2008 15:36:25 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 15:38:11 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 15:38:12 Protection of your computer is enabled.
    12.7.2008 15:42:16 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 15:43:40 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 15:43:40 Protection of your computer is enabled.
    12.7.2008 15:51:58 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 15:52:20 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 15:52:21 Protection of your computer is enabled.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper2.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper5.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:13:26 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:27 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:27 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:27 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:27 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper8.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper2.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper5.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:13:31 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper8.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:31:08 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 16:31:33 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 16:31:33 Protection of your computer is enabled.
    12.7.2008 16:31:44 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 16:35:34 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 16:35:34 Protection of your computer is enabled.
    12.7.2008 16:38:23 Protection of your computer is not running. You are advised to resume protection.
    12.7.2008 16:39:49 You are advised to perform a full computer scan as soon as possible.
    12.7.2008 16:39:49 Protection of your computer is enabled.
    12.7.2008 16:43:51 File C:\Downloads\SmitfraudFix\Reboot.exe: detected: riskware 'not-a-virus:RiskTool.Win32.Reboot.f'.
    12.7.2008 16:43:51 Security threats have been detected. You are advised to neutralize them immediately.
    12.7.2008 16:43:51 File C:\Downloads\SmitfraudFix\Reboot.exe: is still infected, postponed.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper2.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper5.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:13 File C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper8.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper2.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper3.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper5.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.reg: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper7.zip/sbRecovery.ini: is password protected.
    12.7.2008 16:44:22 File C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper8.zip/ProgramData/Spybot - Search & Destroy/Recovery/sbRecovery.ini: is password protected.
    12.7.2008 17:25:46 File c:\downloads\smitfraudfix\reboot.exe: detected: riskware 'not-a-virus:RiskTool.Win32.Reboot.f'.
    12.7.2008 17:40:59 File c:\downloads\smitfraudfix\reboot.exe: deleted.
     
  12. yaht

    yaht Regular member

    Yep, it's clean; it found nothing except the tools that were used for the cleaning.

    Next we will remove all the tools that were used.

    Download OTCleanIt and save it to your desktop.

    * Double-click OTCleanIt.exe.
    * Click CleanUp!.
    * Select Yes when asked "Begin cleanup Process?".
    * If you are asked whether the computer may be restarted, select Yes.
    * OTCleanIt removes itself when it is done; if it doesn't, remove it yourself.


    Download CCleaner from here

    - During installation, remove the tick from "install Yahoo! toolbar".
    - After installation, open CCleaner.
    - Select Options from the left-hand column.
    - Select Settings from the adjacent column.
    - Under Language, select Suomi.

    - Start CCleaner.
    - Select Valinnat (Options).
    - Click Lisäasetukset (Advanced).
    - Remove the tick from "Poista vain yli 48 tuntia vanhat tiedostot Windowsin tilapäiskansioista" (Only delete files in Windows temp folders older than 48 hours).

    Cleaner

    - Select Puhdistaja (Cleaner) from the left-hand column.
    - Click Tutki (Analyze) at the bottom.
    Now CCleaner analyzes what can be removed (temp files, cookies, etc.).
    - When the analysis is finished, click Aja CCleaner (Run CCleaner).
    Now CCleaner removes the temp files, cookies, etc. that were found.

    Fixing registry errors

    - Select Rekisteri (Registry) from the left-hand column.
    - Click Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    - When the search is finished and you are sure you want to fix the lines that are marked, click Korjaa valitut rekisterin virheet (Fix selected registry issues).
    - You will be asked "do you want to back up the changes to the registry"; click Kyllä (Yes). Save the backup to, say, the "Omat tiedostot" (My Documents) folder.
    - In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    - You will get one more confirmation prompt; click Ok.
    - When the errors have been fixed, click Sulje (Close).

    Now you can close CCleaner by clicking the red X at the top right.
     
    Last edited: Jul 12, 2008
  13. nettaaja

    nettaaja Guest

    Thanks to the master for the thorough lesson. I disabled Windows' (Vista 32-bit) own firewall, because it seems to get in the way of using programs. What do you suggest for the computer as a firewall program and for virus protection? It wouldn't hurt if they were easy to use and I didn't have to pay very much
     
  14. yaht

    yaht Regular member

    Avast! + Zonealarm free is an excellent combination; I use it myself, and both are easy to use :D
     
